Technology Portfolio Management (TPM) Best Practices

Overview

AI and machine learning platforms are technology assets that belong in the Technologies Inventory family and require all the governance disciplines that TPM applies to every other technology category: classification in the taxonomy, ownership assignment, lifecycle stage management, Rationalization Posture and Strategic Disposition assignment, Technology Currency governance, vendor health assessment, license compliance, and security posture assessment. What distinguishes AI platforms from other technology categories is not that they require different governance disciplines but that several standard governance disciplines require adaptation to address characteristics specific to AI technologies that standard assessment criteria were not designed to evaluate. An AI platform that was technically fit twelve months ago may be significantly less fit today — not because the software has degraded but because the model underlying the platform has drifted, the training data has aged, the regulatory requirements applicable to its use have been clarified or strengthened, or the competitive landscape of alternatives has advanced substantially.

Best Practice

Classify all AI and machine learning platforms in use across the organization within the Software Technologies Inventory under the AI and Machine Learning Platforms sub-category, applying the standard inventory governance disciplines to each with the following AI-specific adaptations. For the Technical Fitness assessment: supplement the standard technical fitness criteria with AI-specific fitness dimensions including model currency (whether the underlying model is the current or recent generation for the platform), model transparency (whether the platform provides adequate explainability and interpretability capabilities for the organization’s use cases), monitoring capability (whether the platform supports the continuous monitoring of model behavior and performance that AI governance requires), and regulatory compliance status (whether the platform meets the requirements of applicable AI governance regulations for the organization’s specific use cases). For the lifecycle management: apply a more frequent review cadence than the standard annual review for AI platforms, recognizing that the pace of development in AI technology means that a platform’s fitness assessment may change materially within months rather than years. For the security assessment: include AI-specific security dimensions including adversarial attack resistance, training data poisoning risk, and model inversion vulnerability.

Benefit(s)

Governing AI platforms as technology portfolio assets within the standard TPM framework — rather than creating a separate, disconnected AI governance process — produces AI governance that is integrated with the organization’s overall technology governance discipline rather than isolated from it. AI platform investment decisions are evaluated alongside other technology investment decisions using a consistent framework that accounts for AI-specific characteristics. AI platform risk is visible to the same risk governance process that addresses all other technology risk. And the organization develops a single, coherent technology governance capability that covers AI as a technology category rather than maintaining separate, unconnected governance processes for AI and non-AI technologies.