Stop Rebuilding Evidence Every Time a Reviewer Asks

• Define and provide acceptable error ranges for each operational factor that would impact each of the Intended Use(s) and any additional operational factors that would narrow acceptable ranges or lower acceptable error rates (including false positive and false negative error rates) that could impact those Intended Uses. • Identify operational factors and/or Intended Uses, including quality of system input, use, and operational context are critical to manage for reliable and safe use of the system in its deployed context. • Disclose and document Sensitive Use cases. • Documentation of implementation of effective controls in the system design to discourage automation bias (the possible tendency of over- relying on outputs produced by the system). • Document any system limitations, input or output data model limitations, or predictable failures, including uses for which the system was not designed or evaluated that may impact Intended Uses. • Document implemented mitigations and controls for well-known AI risks, such as inference manipulation (“jailbreaks”), model manipulation (e.g., data poisoning), and inferential information disclosure (e.g., prompt extraction). • Evidence of system accuracy, performance, and the extent to which these results are generalizable across use cases.

Supplier demonstrates it has implemented an access rights management plan that includes: • Access control procedures, • Identification procedures, • Lockout procedures after unsuccessful attempts, • Automatic logoff after inactivity, • Robust parameters for selecting authentication credentials, • Deactivation of user accounts (including accounts used by employees or subcontractors) on employment or termination within 48 hours, • Strong password controls that enforce password length and complexity and prevent reuse, and • Use of Multi-Factor Authentication (MFA) for identities. Supplier demonstrates that it has an established process to review user access to Microsoft Personal and Confidential Data, enforcing the principle of least privilege. The process includes: • Clearly defined user roles, • Procedures to review and justify approval of access to roles, • Test that users within roles with access to Microsoft data have a documented justification for being in the group/role, and • Strong prohibitions on shared accounts or passwords.

Annual records of attendance are available and can be provided to Microsoft upon request. Training content is regularly updated and includes privacy and security principles like incident prevention awareness including safeguarding passwords, log-in monitoring, risks associated with downloading malicious software, and other relevant security reminders. Documentation of compliance with training requirements will include evidence of training related to privacy regulatory requirements, security obligations, and compliance with applicable contract requirements and obligations. IT staff must have training for incident response and simulated events and automated mechanisms to facilitate effective response to crisis situations. If the Microsoft Personal Data Processed by supplier includes PHI, training content must include HIPAA training, security reminders, address log-in monitoring, safeguarding passwords, and supplier’s permitted uses and disclosures as permitted by the Business Associate Agreement.