ISTAG Guiding Principles

The Institute for Standards in Technology & AI Governance (ISTAG) is founded on the belief that organisations must remain in control of the technologies they deploy. As artificial intelligence and advanced automation become increasingly embedded within enterprise operations, governance, accountability, and assurance must evolve at the same pace as innovation.

1. Organisational Control

Organisations must retain effective control over the operation, deployment, and use of artificial intelligence systems. Technology should support organisational objectives and decision-making, not diminish oversight, authority, or responsibility.

2. Accountability

Responsibility for outcomes remains with identifiable individuals and organisations. AI systems may assist, inform, or automate activities, but accountability cannot be delegated to technology.

3. Transparency and Traceability

Material decisions, actions, and outputs generated through AI systems should be capable of being understood, traced, and reviewed. Organisations should maintain sufficient records to demonstrate how systems operate and how decisions are reached.

4. Auditability

AI systems should be implemented in a manner that supports independent verification, review, and assurance. Inputs, outputs, model interactions, governance decisions, and control activities should be capable of examination throughout the system lifecycle.

5. Governance by Design

Governance should be embedded into technology design, procurement, deployment, and operation. Effective oversight cannot be added retrospectively and must form part of the organisational control environment from the outset.

6. Risk-Based Oversight

Governance controls should be proportionate to the risks presented by a system. Higher-impact applications require greater levels of scrutiny, assurance, monitoring, and human oversight.

7. Security and Data Stewardship

Organisations must maintain appropriate safeguards for information, intellectual property, operational assets, and personal data. AI adoption should strengthen, not weaken, organisational security and resilience.

8. Evidence-Based Assurance

Claims regarding safety, reliability, effectiveness, compliance, or trustworthiness should be supported by documented evidence, measurable controls, and verifiable assurance activities.

9. Continuous Oversight

Governance does not end at deployment. AI systems should be subject to ongoing monitoring, review, testing, and improvement to ensure continued alignment with organisational objectives, regulatory obligations, and risk tolerance.

10. Standards for Public Trust

The responsible adoption of advanced technology depends upon confidence from customers, citizens, regulators, investors, and stakeholders. Public trust is strengthened through transparent governance, demonstrable controls, and accountable leadership.

11. Independence and Integrity

ISTAG will operate independently of vendor, political, and commercial interests. Standards and guidance will be developed objectively, informed by evidence, practical experience, and the needs of organisations operating in the public interest.

12. Practicality and Implementation

Effective governance must be capable of implementation. ISTAG promotes standards, frameworks, and controls that can be applied consistently across organisations of different sizes, sectors, and levels of technological maturity.