Tools & Frameworks¶
Purpose: Curated directory of practical AI tools, frameworks and resources for safe and responsible implementation Audience: Technical teams, governance professionals and implementation leads | Time: 20-30 minutes
A curated list of practical tools, frameworks and resources to help Australian businesses implement AI safely and responsibly.
About This Directory
Scope: Non-commercial resources only (government, standards bodies, nonprofits and open-source).
How to use: Start with frameworks, set governance, then implement technical controls and monitoring.
π― AI Risk & Ethics Frameworks¶
- Australian Government AI Ethics Principles β 8 principles guiding ethical AI use. (industry.gov.au)
- Voluntary AI Safety Standard (10 Guardrails) β published 2024, aligns with ISO/IEC 42001 and NIST AI RMF. (industry.gov.au)
- Note: The Guardrails explicitly align with ISO/IEC 42001:2023 and the NIST AI Risk Management Framework 1.0.
- National framework for the assurance of AI in government (DTA) β how agencies assure AI systems. (dta.gov.au)
- NIST AI Risk Management Framework (AI RMF 1.0) β comprehensive, sector-agnostic guidance. (nist.gov)
- NIST Generative AI Risk Management Profile β profile for GenAI use cases. (nist.gov)
- ISO/IEC 23894 β AI risk management guidance. (iso.org)
- ISO/IEC 42001 β AI management system (AIMS) requirements. (iso.org)
- OECD AI Principles β intergovernmental principles for trustworthy AI. (oecd.ai)
- Singapore Model AI Governance Framework β practical implementation guidance. (pdpc.gov.sg)
π Governance & Policy Tools¶
- Privacy Impact Assessments (PIAs) β OAIC guidance on conducting PIAs. (oaic.gov.au)
- NSW Artificial Intelligence Assessment Framework β Structured risk-based assessment framework for AI systems; updated to address generative AI. (digital.nsw.gov.au)
- ASD Essential Eight β baseline mitigation strategies. (cyber.gov.au)
- Notifiable Data Breaches (NDB) Scheme β reporting obligations. (oaic.gov.au)
- Australian Privacy Principles (APPs) β core privacy obligations. (oaic.gov.au)
π¬ Technical Testing & Monitoring¶
- Model Cards β documentation standard for AI models. (arXiv)
- Datasheets for Datasets β dataset transparency and quality control. (arXiv)
- Aequitas β open-source bias/fairness audit toolkit. (github.com)
- Fairlearn β open-source fairness assessment and mitigation. (fairlearn.org)
- NIST AI RMF Playbook (TEVV) β testing, evaluation, verification and validation resources. (airc.nist.gov)
π Privacy & Security¶
- Differential Privacy β OpenDP, OpenMined community resources. (opendp.org, OpenMined)
- Homomorphic Encryption β OpenFHE library and docs. (openfhe.org)
- Confidential Computing β architecture patterns and use cases (Consortium). (confidentialcomputing.io)
- Data anonymisation β ARX, Amnesia, sdcMicro (open-source). (arx.deidentifier.org, amnesia.openaire.eu, github.com/sdcTools/sdcMicro)
π‘ Explainability & Transparency¶
- LIME β local interpretable model-agnostic explanations. (github.com)
- SHAP β Shapley valueβbased feature importance. (github.com)
- DALEX β model exploration and explanations. (github.com)
π Continuous Monitoring & Ops¶
- MLflow β experiment tracking and model registry. (mlflow.org)
- Prometheus β metrics collection for model/service health. (prometheus.io)
- Kubeflow β open-source MLOps on Kubernetes. (kubeflow.org)
π‘οΈ LLM Application Safety & Secure Development¶
- OWASP Top 10 for LLM Applications β common risks and mitigations. (owasp.org)
- OWASP AI Security & Privacy Guide β secure AI development guidance. (owasp.org)
- MITRE ATLAS β adversary tactics/techniques/mitigations for ML systems. (atlas.mitre.org)
- Guidelines for Secure AI System Development β joint guidance (UK NCSC, CISA and partners). (ncsc.gov.uk)
π RAG Evaluation & QA (Open-source)¶
- ragas β evaluation for retrieval-augmented generation. (github.com)
π Serving & Data Infrastructure (Open-source)¶
- KServe β model serving on Kubernetes. (kserve.github.io)
- Feast β feature store. (docs.feast.dev)
β Procurement & Vendor Risk (Checklist)¶
Key Areas to Assess
- Data: classification, residency, retention, cross-border flows, deletion lifecycle.
- Privacy: APPs alignment, DPIAs/PIAs, purpose limitation, de-identification controls.
- Security: ASD Essential Eight maturity, vulnerability management, incident response, logging.
- Governance: model documentation (Model Card), dataset documentation (Datasheet), access controls.
- Evaluation: fairness, robustness, performance evidence; TEVV plan and metrics.
- Compliance: ISO/IEC 42001 readiness; ISO/IEC 27001 controls. (iso.org)
- Contracts: DPAs, IP/licensing, data ownership, third-party subprocessor transparency, exit plan.
Further Reading¶
- Voluntary AI Safety Standard β 10 Guardrails
- Australian AI Ethics Principles
- OAIC β AI and Privacy guidance
- NIST AI Risk Management Framework
- NIST SP 1270 β Identifying and Managing Bias in AI
- OECD AI Principles
- OWASP Top 10 for LLM Applications
- ASD Essential Eight
Disclaimer & Licence
Disclaimer: This directory provides links to external tools, frameworks and resources for Australian organisations implementing AI. SafeAI-Aus has exercised care in curation but does not guarantee accuracy, currency, availability, or fitness for purpose of external resources. Always verify tool capabilities, licensing terms and security implications before deployment.
Licence: Licensed under Creative Commons Attribution 4.0 (CC BY 4.0). You are free to copy, adapt and redistribute with attribution: "Source: SafeAI-Aus (safeaiaus.org)"