GRC Store

Search / finos-aigf/air-prin / 0.2.0

Release · 0.2.0

FINOS-AIGF/AIR-PRIN Principle Catalog

FINOS-AIGF/AIR-PRIN

Core principles underpinning the FINOS AI Governance Framework. Each principle represents a foundational value that one or more AIGF mitigations (guidelines) are designed to uphold.

Published by FINOS-AIGF

Install

OCI v1.1
$grcli unpack --repository finos-aigf/air-prin --tag 0.2.0
Coordinate
oci.grc.store/finos-aigf/air-prin:0.2.0
Manifest digest
sha256:dc766f9d04b21bb2bfcfc6a5e53e45f1b50385006199557d314223a105dff1d2

Provenance

1 layer
Digest Media type Size
70a47d0b2b82… application/vnd.gemara.artifact.v1+yaml 2.5 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "1.1.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "AIR-PRIN",
            "type": "PrincipleCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-aigf/air-prin",
            "tag": "0.2.0"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/ai-governance-framework",
          "GITHUB_RUN_ATTEMPT": "2",
          "GITHUB_RUN_ID": "26532971488",
          "GITHUB_SHA": "baf269f8774c3d3facc4f01fa86fcdb956932bb7",
          "GITHUB_WORKFLOW": "Publish Gemara bundles to grc.store",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "gemara/principles.yaml",
            "uri": "file://gemara/principles.yaml",
            "digest": {
              "sha256": "70a47d0b2b82a7cc1ea40401fa6e54aabfeebd553b2e3e8123ac0c491515025e"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/ai-governance-framework@baf269f8774c3d3facc4f01fa86fcdb956932bb7",
            "digest": {
              "gitCommit": "baf269f8774c3d3facc4f01fa86fcdb956932bb7"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/ai-governance-framework/actions/runs/26532971488",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.1.1"
          }
        },
        "metadata": {
          "invocationId": "26532971488-2",
          "startedOn": "2026-05-27T19:14:04.993956871Z",
          "finishedOn": "2026-05-27T19:14:05.162648898Z"
        },
        "byproducts": [
          {
            "name": "principles.yaml",
            "digest": {
              "sha256": "70a47d0b2b82a7cc1ea40401fa6e54aabfeebd553b2e3e8123ac0c491515025e"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "principles.yaml",
      "type": "PrincipleCatalog",
      "id": "AIR-PRIN",
      "role": "artifact"
    }
  ]
}

AI Governance Framework Principles

Core principles underpinning the FINOS AI Governance Framework. Each principle represents a foundational value that one or more AIGF mitigations (guidelines) are designed to uphold.

ID
AIR-PRIN
Version
0.2.0
Gemara version
1.1.0
Author
FINOS-AIGF

Data Protection

Principles governing the handling, classification, and minimization of sensitive data within AI systems.

  1. AIR-PRIN-001 Proactive Data Sanitization

    Apply filtering and anonymization techniques before data enters the AI processing pipeline, vector databases, or any external service endpoints.

  2. AIR-PRIN-002 Data Classification Awareness

    Understand and respect the sensitivity levels and access controls associated with source data when determining appropriate filtering strategies.

  3. AIR-PRIN-003 Principle of Least Exposure

    Only include data in AI systems that is necessary for the intended business function, and ensure that even this data is appropriately de-identified or masked when possible.

Security Architecture

Principles addressing layered defenses and resilience in AI system design.

  1. AIR-PRIN-004 Defense in Depth

    Implement multiple layers of filtering at data ingestion, during processing, and at output generation to create robust protection against data leakage.

Governance

Principles ensuring transparency, accountability, and auditability of AI data processing activities.

  1. AIR-PRIN-005 Auditability and Transparency

    Maintain clear documentation and audit trails of what data filtering processes have been applied and why.