# | Core Principle | What it means and aims to promote |
1 | Accessibility | Affordable; embraces user-friendly interface and experience (UI/UX) methods. |
2 | Accountability | Responsive to legal demands; zero-gap between application behavior and deployer’s liability; implementation has leadership approval; maps to Governance. |
3 | Accuracy | Application performance aligns with marketing claims. |
4 | Consent | Application functionality continuously maintains alignment with the end user’s consent; consent is obtained in a legally valid manner. |
5 | Cooperation | Facilitates global development; compatible with governance framework interoperability; facilitates internal and external information sharing (see discussion below on ISAOs) which maps also to Transparency. |
6 | Efficiency | Supports optimal decisions with respect to achieving objective and resource utilization. |
7 | Enabling | Compliant with government-sponsored controlled environments for testing and scaling (sandboxing). |
8 | Equity | |
9 | Ethics | Encompasses a broad range of values that aim to eliminate or reduce risk to human life; promotes privacy; protects property; enhances and maintains stakeholder trust; manifests emphasis on socially-beneficial development and use; responsive to legal demands. |
10 | Fairness | Supports policies and procedures to manage against unintended/unexpected outcomes. |
11 | Fidelity | Supports measurement of the application’s performance; supports measurement of ongoing compliance with the Core Principles. |
12 | Governance | Developed and used within an environment that follows documented policies, processes, and procedures; developed and used within an environment where policies, processes, and procedures are implemented to regularly monitor the organization’s regulatory, legal, risk, environmental, and operational requirements and compliance and serve to inform senior leadership accordingly; senior leadership takes responsibility for ensuring ongoing compliance with all relevant policies, processes, procedures, and agreements; system development complies with relevant contractual agreements. |
13 | Human-Centered | Compatible with law, privacy, human rights, democratic values; contains safeguards to ensure a fair and just society. |
14 | Metrics | Capable of measuring degree of compliance and effectiveness with the Core Principles; promotes alignment with relevant standards and well-established guidelines. |
15 | Permit | The application development and end user use of the application are subject to and compliant with a government-issued permit; developer maintains applicable certification from a recognized body (e.g., ISO, IEEE). |
16 | Predictable | Maintains compatibility with select Core Principles throughout its life cycle; the potential for deviation from relevant Core Principles is measurable; application performance aligns with marketing claims. |
17 | Privacy | Design based on processes that ensure compliance with privacy laws, regulations, and standards such as state privacy laws, HIPAA, GLBA, COPPA, GDPR, and the NIST Privacy Framework. |
18 | R&D | Promotes ongoing research and development in alignment with current best practices; demonstrates a continuous improvement mindset; regularly employs information sharing and other collaboration best practices. |
19 | Relevant | Application life cycle management adheres to policies and procedures that promote intended outcomes; application conforms with applicable laws. |
20 | Reliability | Design, development, and deployment follow best practices and promote compliance with relevant Core Principles; deployment takes a life cycle perspective and is subject to continuous validation using proven risk assessment methodology (red teaming); undergoes routine and periodic guardrail testing. |
21 | Resilience | Failure recovery capable; the greater the capability to autonomously recover (i.e., without manual patching) the more resilient the application is. |
22 | Responsible | Standardized evaluations are periodically conducted; protects against malicious use; contains controls for easy detection of risks. |
23 | Robust | Operates with minimum downtime; resistant to adversarial attacks; maintains operational integrity throughout its life cycle. |
24 | Safety | Minimizes unintended behavior; aligns with Permit-related policies and procedures; incorporates Robust principles; compatible with real-time monitoring to prevent harm; development gating incorporates methods for measuring application risk. |
25 | Security | Resistant to adversarial attacks; compatible with information sharing best practices; timely detection of and response to threats and incidents of compromise; supply chain vetting and monitoring policies and procedures are used to continuously manage and minimize the model’s risk profile. |
26 | Sustainable | Promotes long-term growth capabilities for the developer; compatible with information sharing best practices; development aligns with and enables execution of broader organizational commitments; application performance aligns with marketing claims. |
27 | Track Record | Developer demonstrates adherence to risk assessment standards and best practices. |
28 | Transparency | Development and deployment remain consistent with disclosure (e.g., reporting and publication); facilitates audit by third parties. |
29 | Trustworthy | A catchall for multiple Core Principles, such as Accuracy, Fairness, Privacy, Metrics, Safety, and Security; application performance aligns with marketing claims. |
30 | Wherewithal | Developer is financially sound and exhibits multi-year operational resilience; developer has sufficient financial resources and/or insurance (as determined by end user and other stakeholders such as investors) to sustain operations and contractual obligations; developer demonstrates use of policies and procedures to fully support development in compliance with relevant Core Principles. |
Purpose
The Quantum Computing Life Cycle Core Principles aim to consolidate key development and use principles and explain their significance.