In the third episode of the Risk and Cybersecurity podcast’s AI Compliance series, host Lauren Ross is joined by Steve Ursillo, Partner in Cybersecurity at Cherry Bekaert, and Morgan Hague, Senior Manager at Meditology Services. Together, they dive into the unique governance and risk management challenges organizations face when deploying internal AI versus leveraging third-party artificial intelligence (AI) solutions.

This episode covers practical approaches to data and model governance, the role of frameworks like ISO 42001 and SOC 2 in supporting responsible AI development, and the essentials of effective vendor due diligence. Our guests also explore how organizations can strengthen contractual safeguards and monitor for model drift and ethical concerns in vendor AI tools.

Tune in to learn more about:

• Key governance and risk management considerations for internal and vendor AI
• How ISO 42001 and SOC 2 frameworks support responsible AI
• Vendor due diligence and contractual safeguards in AI partnerships
• Strategies for monitoring model drift, bias, and ethical risks in third-party AI tools
• Practical steps organizations can take today to strengthen AI compliance and data protection

View All Podcasts from this Series

In the second episode of the AI Compliance series, host Lauren Ross is joined by Steve Ursillo, Partner in Cybersecurity at Cherry Bekaert, and Morgan Hague, Senior Manager at Meditology Services. Listen in as they explore the evolving landscape of artificial intelligence (AI) regulations, including the impact of the European Union (EU) AI Act and U.S. executive orders, and how organizations can proactively prepare for regulatory uncertainty.

The episode also covers what enterprises should look for when evaluating AI vendors, the changing role of procurement in assessing AI risk, and the most overlooked risks in AI systems today. Finally, they examine how compliance frameworks can help organizations mitigate reputational harm in the event of AI failures.

Tune in to learn more about:

• The impact of emerging regulations on global AI strategies
• How organizations can prepare for regulatory uncertainty and evolving compliance requirements
• Key compliance criteria and certifications enterprises should look for from AI vendors
• Overlooked risks in AI systems, from bias and privacy to shadow AI and automation bias
• How compliance frameworks and due diligence can help mitigate reputational damage from AI failures

View All Podcasts from this Series

In the kickoff episode of the Risk and Cybersecurity podcast’s AI Compliance series, host Lauren Ross welcomes Steve Ursillo, Partner in Cybersecurity at Cherry Bekaert, and Morgan Hague, Senior Manager at Meditology Services, for a deep dive into the frameworks shaping responsible artificial intelligence (AI).

The conversation unpacks how standards like SOC 2, ISO 42001, and the National Insititue of Standards and Technology’s (NIST) AI Risk Management Framework are evolving to address the unique risks and governance challenges of artificial intelligence. They discuss the intersection of AI with privacy regulations like the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA), as well as practical strategies for harmonizing multiple frameworks in complex environments.

Whether you’re just starting your AI journey or looking to strengthen your compliance posture, this episode offers foundational insights to help you build trust and resilience in your AI initiatives.

Tune in to learn more about:

• The role of SOC 2, ISO 42001, and NIST in AI governance and risk management
• How ethical principles are operationalized in AI development and deployment
• Aligning AI compliance with privacy regulations such as GDPR and HIPAA
• The importance of model registries, bias monitoring and continuous oversight
• Strategies for harmonizing multiple frameworks and reducing audit fatigue

View All Podcasts from this Series