Skip to main content
COMPEL Body of Knowledge

COMPEL Glossary / GL-27

Control Requirements Matrix

A comprehensive mapping of every governance control required for each AI system — specifying the control type (preventive, detective, corrective), the risk or policy it addresses, the evidence required to prove effectiveness, the owner, and the testing frequency.

What this means in practice

It is the master governance design document from which all implementation activities in the Produce stage are derived.

Context in the COMPEL framework

Produced in the Model stage as the central governance design artifact. Every control listed here must be activated in the Control Activation Register during the Produce stage.

Where you see this

Control Requirements Matrix is most commonly referenced when teams work across the Model , Produce and Evaluate stages — especially within the Operational Readiness layer . It appears in governance artifacts, assessment instruments, and delivery playbooks wherever COMPEL is operationalized.

Related COMPEL stages

Related domains

Synonyms

controls register , governance controls matrix , risk control matrix

Related Terms Network

This diagram shows how Control Requirements Matrix connects to other concepts in the COMPEL body of knowledge. Each linked node is a term you can explore in turn.

Related terms for Control Requirements Matrix Network graph showing 3 related glossary terms connected to Control Requirements Matrix. Control Requir… AI System … Control Ac… Evidence C…
3 related concepts connected to Control Requirements Matrix.
Accessible list of related terms
  • AI System Classification Register — A formal register that classifies every AI system in scope according to risk tier, autonomy level, data sensitivity, regulatory applicability, and criticality — producing a system-level risk profile that determines which governance controls, review processes, and compliance requirements apply.
  • Control Activation Register — A record that tracks the implementation and activation status of every governance control specified in the Control Requirements Matrix — confirming that each control has been built, tested, and is operational in the production environment.
  • Evidence Collection Setup — The documented configuration of all evidence collection processes — defining what evidence is gathered, from which systems, on what schedule, in what format, and how it is stored and linked to governance controls — so that the Evidence Pack can be assembled continuously and automatically rather than scrambled together before audit.

See also

  • AI System Classification Register — A formal register that classifies every AI system in scope according to risk tier, autonomy level, data sensitivity, regulatory applicability, and criticality — producing a system-level risk profile that determines which governance controls, review processes, and compliance requirements apply.
  • Control Activation Register — A record that tracks the implementation and activation status of every governance control specified in the Control Requirements Matrix — confirming that each control has been built, tested, and is operational in the production environment.
  • Evidence Collection Setup — The documented configuration of all evidence collection processes — defining what evidence is gathered, from which systems, on what schedule, in what format, and how it is stored and linked to governance controls — so that the Evidence Pack can be assembled continuously and automatically rather than scrambled together before audit.

Related articles in the Body of Knowledge

Related Terms

Other glossary terms mentioned in this entry's definition and context.