
MANAGE Function

The MANAGE function activates the organisation’s response to identified and measured AI risks. It covers how risks are prioritised, how incidents are investigated and resolved, how decisions about risk treatment are made, and how lessons from incidents improve the system over time.

MANAGE is where the continuous loop closes: MEASURE finds the signal, MANAGE determines the response, and the outcome feeds back into GOVERN’s policy evolution.


Relevant MANAGE Categories

MANAGE 1 — Risk Response

MANAGE 1.1 Root cause analysis procedures for identified AI risks are in place.

VeriProof’s time-machine session replay provides the tooling for root cause analysis. When an alert fires or an incident is identified, open Monitoring in the Customer Portal and select the Trigger History tab. Locate the alert trigger for the incident window. Click the trigger to see the list of sessions involved, then sort by governance score ascending to find the worst-scoring sessions.

Open any session to view its full detail: model metadata, input and output content, governance score, per-dimension scores, and the complete processing trace. Click Session Replay to step through the session interactively.

Root cause analysis for model quality issues typically reveals patterns in the inputs that triggered the issue — unusual length, off-distribution topic, specific phrasing patterns. VeriProof’s session records provide the exact inputs, making this analysis possible without synthetic reconstruction.


MANAGE 1.3 Responses to risks are prioritised based on impact.

Alert rules encode your risk prioritisation. Higher severity alerts correspond to higher-impact risk events and trigger more immediate response procedures. Open Monitoring in the Customer Portal and click + New Rule to configure each tier:

  • Critical — fires immediately when a safety threshold is breached; notify the CISO and AI lead; target acknowledgement within 60 minutes
  • Medium — fires on a daily roll-up when governance score drops below threshold; notify the AI team; target acknowledgement within one business day

The acknowledgement SLA tracking in VeriProof’s alert system provides evidence that response prioritisation was applied consistently.


MANAGE 2 — Risk Treatment

MANAGE 2.2 Risk response procedures are in place.

Your risk response playbooks should be linked to VeriProof alert rules. When an alert fires, the notification should include the relevant runbook link. Open Monitoring → + New Rule and set the notification message to include the playbook URL for the issue type. For example, a high-volume refusal-rate alert should link to your refusal-rate spike runbook.

MANAGE 2.4 Mechanisms are in place to respond to incidents.

Alert fires

VeriProof delivers notification to configured stakeholders via email. The notification includes the alert rule name, triggering sessions, and a direct link to the Customer Portal alert view.

Acknowledge and document initial response

In Monitoring → Trigger History, click the active alert trigger and click Acknowledge. Enter a note describing your initial assessment (for example: “Initial investigation started. Checking model config change log.”). The acknowledgement is timestamped and logged for the evidence record.

Investigate using session data

Use the session query and replay tools to identify the pattern (see MANAGE 1.1 above).

Execute corrective action

Take action appropriate to the root cause:

  • Roll back a model version
  • Update a prompt to handle the identified edge case
  • Revise a governance threshold if the alert was a false positive
  • Escalate to the model vendor if the issue is in the base model

Document the resolution

Once corrective action is complete, click Resolve on the alert trigger. Enter a resolution note describing the root cause, corrective action taken, and deployment date. Select a root cause category (prompt engineering, model behaviour, threshold calibration, etc.). The resolved trigger with its full history — acknowledgement timestamp, investigation notes, and resolution note — is included in the MANAGE section of every subsequent evidence package.


MANAGE 3 — Risk Communication

MANAGE 3.1 Risks and risk responses are communicated to leadership.

Alert escalation paths and periodic governance score reports provide the communication mechanism. To generate a MANAGE-focused governance report, open Compliance → Evidence Exports, select NIST AI RMF, check the MANAGE function, set the report period, and click Download Evidence Pack (PDF). Distribute the PDF to AI governance stakeholders after each reporting period.


MANAGE 4 — Learning and Improvement

MANAGE 4.1 Lessons from AI incidents inform future designs.

The alert acknowledgement history — including root cause categories and resolution actions — is the primary input to your lessons-learned process. Open Monitoring → Analytics to see resolved-alert counts grouped by root cause category for any time period.

Recurring root cause categories indicate systemic issues worth addressing in design, testing, or training before they manifest again in production.


MANAGE Evidence in Packages

The MANAGE section of an AI RMF evidence package includes:

  • Alert trigger history with severity distribution and acknowledgement rates
  • Mean time to acknowledgement (MTTA) and mean time to resolution (MTTR)
  • Root cause category distribution
  • Corrective action log with documentation
  • Any recurring alert patterns (same rule fired more than N times)
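
The package metrics listed above, computed from trigger records as an added example (not VeriProof code or its export format). The record layout, rule names, sample data and the `manage_metrics` helper are constructed for illustration, and "one business day" is approximated as 24 hours.

```python
from collections import Counter
from datetime import datetime, timedelta

# Acknowledgement targets per tier; "one business day" is approximated
# as 24 hours (assumption: weekends and holidays are not excluded).
ACK_SLA = {"critical": timedelta(minutes=60), "medium": timedelta(hours=24)}

# Constructed sample records: (rule, severity, fired, acked, resolved, root cause).
TRIGGERS = [
    ("safety-threshold", "critical", "2025-03-03T09:00", "2025-03-03T09:40",
     "2025-03-03T15:00", "prompt engineering"),
    ("safety-threshold", "critical", "2025-03-10T22:00", "2025-03-11T00:20",
     "2025-03-11T10:00", "prompt engineering"),
    ("daily-governance-score", "medium", "2025-03-12T06:00", "2025-03-12T14:00",
     "2025-03-14T06:00", "threshold calibration"),
    ("safety-threshold", "critical", "2025-03-20T11:00", None, None, None),
]

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def _mean(deltas):
    return sum(deltas, timedelta()) / len(deltas) if deltas else None

def manage_metrics(triggers, as_of, recur_n=2):
    """Summarise triggers for a reporting period ending at as_of (ISO timestamp)."""
    ack, res, breaches, causes, fired_by_rule = [], [], [], Counter(), Counter()
    for idx, (rule, sev, fired, acked, resolved, cause) in enumerate(triggers):
        fired, acked, resolved = _ts(fired), _ts(acked), _ts(resolved)
        fired_by_rule[rule] += 1
        if acked:
            ack.append(acked - fired)
        if resolved:
            res.append(resolved - fired)
            causes[cause] += 1
        # A trigger still unacknowledged at as_of is measured up to as_of,
        # so open alerts past their target show up as breaches too.
        if (acked or _ts(as_of)) - fired > ACK_SLA[sev]:
            breaches.append(idx)
    return {
        "ack_rate": len(ack) / len(triggers) if triggers else None,
        "mtta": _mean(ack),
        "mttr": _mean(res),
        "sla_breaches": breaches,  # indexes into the input list
        "root_causes": dict(causes),
        "recurring_rules": [r for r, n in fired_by_rule.items() if n > recur_n],
    }

if __name__ == "__main__":
    print(manage_metrics(TRIGGERS, as_of="2025-03-31T00:00"))
```
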
