NIST AI Risk Management Framework Playbook

An interactive, applied walkthrough of the NIST AI Risk Management Framework, organised around its four core functions: Govern, Map, Measure, and Manage. The playbook works through the framework subcategories with practical commentary on how each applies inside regulated and humanitarian organisations, where AI risk has to be managed alongside data protection and operational constraints.

Govern

The Govern function establishes the culture, accountability, and policies that sit over every AI system. It defines who owns a model, who signs off on its use, and how risk decisions are recorded, so governance is a standing capability rather than a one-time review.

Map

The Map function establishes context. It identifies where an AI system is used, who it affects, and what could go wrong, including the data sensitivity and operational conditions that shape real risk in humanitarian and public-sector settings.

Measure

The Measure function assesses risk with evidence. It covers testing for accuracy, bias, and robustness, and the metrics that show whether a system is performing safely before and after deployment.

Manage

The Manage function acts on what the other three reveal. It prioritises risks, applies controls and human oversight in proportion to those risks, responds to incidents, and monitors systems over time. See the related practice of AI governance in the United Nations.