AI Councils
Operations

Incidents

Managing AI-specific incidents and near-misses.

What Counts as an AI Incident?

An AI incident is any event where an AI system causes or contributes to harm, near-harm, or a significant deviation from expected behavior. Examples:

  • A model produces biased or discriminatory outputs in production
  • An AI system makes a consequential error affecting a real person
  • A data breach involves training data or model outputs
  • A generative AI system produces harmful, illegal, or reputation-damaging content
  • A system fails in a way that disrupts business operations
  • A near-miss is identified before harm occurs

Incident Response Process

1. Report

Anyone can report an AI incident or near-miss. Channels should include:

  • A dedicated email or form
  • The champion network (first point of contact in most teams)
  • Existing incident management tools (e.g., ServiceNow, PagerDuty)

2. Triage

The council chair or on-call designee triages the incident:

SeverityDescriptionResponse Time
CriticalActive harm to individuals, legal exposure, public-facingImmediate
HighSignificant risk of harm, regulatory implicationsWithin 24 hours
MediumDegraded performance, internal impactWithin 3 business days
LowMinor anomaly, no direct harmNext scheduled review

3. Contain

  • Stop the system from causing further harm (pause, roll back, add human review)
  • Notify affected individuals if required
  • Preserve evidence (logs, inputs, outputs)

4. Investigate

  • What happened?
  • What was the root cause?
  • Was this foreseeable? Was it in the risk assessment?
  • What controls failed or were missing?

5. Remediate

  • Fix the immediate issue
  • Update controls, monitoring, and risk assessment
  • Implement preventive measures

6. Review and Learn

  • Present findings at the next council meeting
  • Update the incident log
  • Update policies, templates, or training if needed
  • Share anonymized lessons learned with the champion network

Incident Log Template

FieldDescription
Incident IDUnique identifier
Date reportedWhen the incident was reported
SystemAI system name and ID
SeverityCritical / High / Medium / Low
DescriptionWhat happened
ImpactWho was affected and how
Root causeWhat went wrong
Actions takenContainment and remediation steps
Lessons learnedWhat the organization should do differently
StatusOpen / Investigating / Resolved / Closed

Monitoring

Post-deployment monitoring and periodic review of AI systems.

Policy Refresh

Keeping AI governance policies current as technology, regulation, and your organization evolve.

On this page

What Counts as an AI Incident?Incident Response Process1. Report2. Triage3. Contain4. Investigate5. Remediate6. Review and LearnIncident Log Template