AIG-009 AI System Deployment and Change Management
Description
A documented deployment plan is required before any AI system enters production. The plan includes: pre-deployment checklist (V&V sign-off, impact assessment completion, operational runbook availability), rollback procedure, and communication plan for affected users. Substantial modifications to deployed AI systems trigger the same pre-deployment controls as new deployments. A 'substantial modification' is defined and examples are provided in the deployment policy.
Rationale
Ungated AI deployments and modifications are a leading source of production incidents; deployment controls for AI must mirror those applied to security-sensitive software releases.
Framework Mappings (4)
| EU-AI-Art.43.3 | Conformity Assessment — Reassessment After Substantial Modification | full |
| A.6.2.5 | AI system deployment | full |
| MANAGE 1.1 | AI System Purpose and Deployment Determination | partial |
| MANAGE 4.1 | Post-Deployment AI System Monitoring | partial |
Evidence (2)
Completed pre-deployment checklist for each AI system deployment or substantial modification, documenting V&V sign-off, impact assessment completion, rollback procedure availability, and deployment approval.
Example: AI Deployment Checklist — Recommendation Engine v2.1 (Jira ticket AI-1203), showing all gates passed, rollback procedure linked, and sign-off by AI system owner on 2026-01-08
Test: Request pre-deployment checklists for a sample of recent AI system releases. Verify: (1) V&V sign-off is recorded, (2) impact assessment is referenced and completed, (3) rollback procedure is documented and linked, (4) operator runbook is available, (5) an authorised owner has approved the deployment, (6) the definition of 'substantial modification' is applied consistently.
AI deployment and change management policy defining the required gates, rollback requirements, and the definition of 'substantial modification' that triggers full pre-deployment controls.
Example: AI Change Management Policy v1.1 (Confluence), defining substantial modification examples (training data source change, model architecture change, inference threshold change), required checklist items, and approval authority per tier
Test: Request the AI deployment/change management policy. Verify: (1) 'substantial modification' is defined with concrete examples, (2) required pre-deployment artefacts are enumerated, (3) rollback procedure requirement is stated, (4) approval authority is defined per AI risk tier, (5) policy applies to third-party model updates where the organisation is deployer.
Questions (2)
Is a deployment plan with defined gates, rollback procedures, and sign-off required before any AI system enters production?
Ungated AI deployments and modifications are a leading source of production incidents. The deployment plan should require V&V sign-off, impact assessment completion, and a tested rollback procedure before go-live.
Does your AI deployment and change management policy define what constitutes a 'substantial modification' that triggers full pre-deployment controls?
Without a clear definition, teams make inconsistent judgements about whether changes require pre-deployment review. The definition should include examples such as training data source changes, model architecture changes, and inference threshold changes.