Assess risk¶
On the Risk tab, you can identify potential risks to the Use Case, and then determine how you plan to address and mitigate those risks using DataRobot risk management tools. Risk includes anything that may impact the Use Case, including legal, operational, IT security, strategic, bias and fairness, etc. Because risk is always changing, risk assessments need to be updated and/or created periodically.
Each risk assessment is comprised of three main parts:
- Identify: Identify potential risks for the Use Case.
- Mitigate: Describe plans to mitigate those risks.
- Govern: Provide evidence that mitigation measures have been implemented.
To access the risk assessment and management tools, open a Use Case and go to the Use Case management tab. Then, click Risk.
From here, you can:
| Element | Description | |
|---|---|---|
| 1 | Manage policy templates | Opens a modal where you can view and manage governance policy templates, as well as create new templates. |
| 2 | + Add risk assessment | Creates a new risk assessment. |
| 3 | Mark as primary risk assessment | Adds a star badge next to the title to indicate that it is the primary risk assessment. |
| 4 | Edit | Opens the risk assessment in a new modal where you can make modifications. |
| 5 | Delete risk assessment | Deletes the risk assessment. |
Add a risk assessment¶
To add a risk assessment:
-
Click + Add risk assessment.
-
Select a Governance policy template from the dropdown. After making a selection, the template is displayed.
Follow the link directly below the governance policy template to assess your risk level. Requirements, and therefore what you will need to mitigate, will differ based on your risk level. If you are using a custom template, refer to your organization's policies.
-
Select the appropriate Risk level from the dropdown.
-
In the Risk description section, describe potential risks for the Use Case and estimate the probability of those risks occurring.
In this example, an insurance organization is describing risk of bias in models used for decision-making.
-
In the Risk management plan section, describe how you plan to address and mitigate the risks identified in the previous section.
In this example, the insurance organization describes how it plans to identify and mitigate bias at various stages of the model lifecycle through bias detection capabilities and compliance documentation.
-
In the Evidence section, provide evidence that the risk mitigation plan has been implemented.
In this example, the insurance organization includes a link to the compliance documentation mentioned in the previous section as well as the model's deployment report.
-
When you're done, click Add in the upper-right corner.
Governance policy templates¶
Governance policy templates serve as an outline for risk assessments and are available from a dropdown when you choose to add a risk assessment. You can create custom templates based on your organization's security policies to help guide users who create risk assessments in the future.
To access your organization's governance policy templates, click Manage policy templates.
This opens the Manage governance policy templates modal.
From here, you can:
| Element | Description | |
|---|---|---|
| 1 | + Create template | Creates a new governance policy template. |
| 2 | Available templates | Lists all available—both custom and default—governance policy templates for your organization. |
| 3 | Current template | Displays the governance policy that is currently selected. |
| 4 | Delete/Edit | Allows you to delete or edit the template. Note that you can only modify templates that you have owner or edit access to. Default templates cannot be modified. |
Add a policy template¶
When you add a risk assessment, you must first choose a governance policy template that serves as an outline for the content to be included. These templates can reflect your organization's governance policies and guide users when creating future risk assessments.
To create a custom governance policy template:
-
Click + Create policy template.
-
Fill in the following fields:
Field Description 1 Name Enter a descriptive name for the governance policy template. 2 Risk levels Add the risk levels associated with this template. To add a risk level, click + Add level. In this example, there are three levels: Minimal, Medium, and High. 3 Risk description Optional. Enter a risk description, for example, any helpful links or information that you want displayed to users when creating future risk assessments. -
When you're done, click Create template.