Statement 32: Manage integration as a continuous practice

Agencies should

  • Criterion 112: Apply secure and auditable continuous integration practices for AI systems.

    Continuous integration (CI) pipelines enable agencies to build, test, and validate changes upon every commit or merge, while accounting for computational requirements resulting from re-testing expensive model training processes. The CI pipeline should include any automated tests defined in the test stage, automating model training, as well as static and dynamic source code analysis.

    These pipelines typically involve:

    • ensuring end-to-end integration to include data pipeline and data encryption practices
    • verifying and managing dependency checks for outdated or vulnerable libraries
    • validating infrastructure-as-code (IaC) scripts to ensure environments are deployed consistently
    • steps to build and validate container images for AI applications
    • continuous training and delivery of AI models and systems
    • employing fail-fast mechanisms to halt builds upon detection of silent failures and critical errors, such as test failures or vulnerabilities
    • avoiding the propagation of unverified changes from failed workflows to production environments
    • establishing a centralised artifact and model registry, and include steps to package and store artifacts, such as models, APIs, and datasets.
       

Statement 33: Create business continuity plans

Next Page

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession