01
AI system inventory
Every model, agent, vendor API, and shadow-AI workflow mapped to a business owner, data category, and decision impact. No more spreadsheets that go stale in a fortnight.
Services / Assessment
Know exactly where your AI risk lives — and what to do about it.
A four-to-six week AI governance assessment that gives boards, regulators, and product leaders the same picture: which AI systems you run, how risky each one is, and the shortest path to audit-ready.
What we cover
Four pillars. One coherent picture of your AI estate.
02
Risk classification
Each system rated against EU AI Act tiers (prohibited, high-risk, limited, minimal), ISO/IEC 42001 control areas, NIST AI RMF functions, and your internal risk appetite.
03
Control gap analysis
Where you stand on data governance, human oversight, transparency, robustness, security, and post-market monitoring — with evidence requirements named, not implied.
04
Prioritised remediation plan
A sequenced roadmap with effort, owner, dependency, and audit-readiness milestones. Designed so engineering, risk, and legal can sign off on the same page.
Deliverables
What you leave with.
Artefacts your risk function, your auditors, and your board can all use. Nothing that sits in a slide deck and ages.
- AI system register (live document, not a PDF)
- Risk classification matrix mapped to EU AI Act + ISO 42001
- Control gap report with evidence requirements
- 90-day remediation roadmap with owners and effort
- Board-ready summary and live walkthrough
Who this is for
Regulated organisations that have already shipped AI — and now need to prove it was built safely.
Financial services, healthcare, public sector, and enterprise software teams preparing for the EU AI Act, an ISO 42001 audit, or a board-level AI risk review. Typical engagement: 4–6 weeks, one practitioner, one accountable owner on your side.
Ready to scope yours?
A 30-minute call. We agree on what's in scope, what evidence already exists, and whether an assessment is the right next step.