AI Governance · Risk · Compliance

Prove your AI complies — across every framework that matters.

EU AI Act, NIST AI RMF, ISO/IEC 42001 and 23894, GDPR overlay, and the global landscape — operationalized on a single canonical control graph and evidence layer.

Framework coverage

Tier 1 — full operationalization

EU AI Act (L1, EU / extraterritorial): Global regulatory anchor for AI compliance.
NIST AI RMF (AI 600-1) (L1, US / Global): Widely adopted risk management structure.
ISO/IEC 42001 (L1, Global): Audit-ready certifiable AI management system.
ISO/IEC 23894 (L1, Global): Structured AI risk process layer.
GDPR AI/Privacy Overlay (L1, EU / extraterritorial): Privacy obligations intersect with most AI systems.
OECD AI Principles (L1, Global): Global normative benchmark.
UNESCO Recommendation on AI Ethics (L1, Global): Ethical legitimacy and public-sector relevance.
Model Cards (L1, Global): Core artifact for model transparency.
System Cards (L1, Global): System-level transparency and deployment context.
Datasheets for Datasets / Data Cards (L1, Global): Data lineage, quality, and risk evidence.
Algorithmic / AI Impact Assessments (L1, Global): Operational risk and accountability artifact.
Also covered
UK / ICO, Singapore MGA, AI Verify, Colorado AI Act, NYC AEDT, California AI, Canada AI, Australia AI, Japan AI, Korea AI, China generative AI rules, China recommendation algorithm rules, China deep synthesis rules

How it works

01 Applicability: Profile each AI system. Engine returns frameworks, risk tier, artifacts.
02 Controls: Obligations map to 23 canonical control domains.
03 Assessments: Question sets per framework → findings with severity & owners.
04 Evidence: Strength-rated, expiry-tracked, linked to controls.
05 Reports: Board, audit, regulator and customer packs — from one assessment.

Industry overlays

Sector-specific controls, assessment logic, and evidence expectations — layered on top of the canonical model.

Financial services (L1): High regulation, model risk, outsourcing, consumer harm.
Healthcare / life sciences (L1): Safety-critical, sensitive data, validation rigor.
HR / employment (L1): Bias, explainability, employment law exposure.
Public sector (L1): Accountability, rights impacts, procurement scrutiny.
Insurance (L2): Decisioning, fairness, consumer protection.
Education (L2): Minors, high-impact decisions, fairness.
Consumer / adtech (L2): Profiling, recommender systems, disclosures.
Critical infrastructure / industrial (L2): Resilience, safety, incident management.

23 canonical control domains

One backbone. Every framework requirement is an overlay.

CC-01 Governance & Accountability: Structures, roles, and oversight for AI.
CC-02 AI Inventory & Classification: Registry of AI systems with lifecycle and risk tier.
CC-03 Legal & Permissible Use: Prohibited use screening and legal basis.
CC-04 Risk Management: AI risk assessment, harm scenarios, residual risk.
CC-05 Data Governance: Provenance, quality, sensitive data, retention.
CC-06 Privacy & Data Rights: DPIA, minimization, data subject rights.
CC-07 Security & Resilience: Access, secrets, segregation, logging.
CC-08 Third-Party / Vendor AI Oversight: Vendor inventory, due diligence, contracts.
CC-09 Design & Development Controls: Process, model selection, training governance.
CC-10 Testing, Validation & Evaluation: Pre-deployment tests, metrics, edge cases.
CC-11 Fairness & Bias Management: Bias methodology, impacted groups, monitoring.
CC-12 Explainability & Transparency: Internal explanations and user disclosures.
CC-13 Human Oversight & Intervention: Review points, override, competence.
CC-14 Safety, Robustness & Misuse Resistance: Misuse scenarios, robustness, fallback.
CC-15 Deployment Approval & Change Mgmt: Go-live, release process, reassessment.
CC-16 Monitoring, Drift & Performance: Monitoring plan, drift thresholds, cadence.
CC-17 Incident Management & Escalation: Definitions, reporting, RCA, corrective actions.
CC-18 Logging, Recordkeeping & Traceability: Decision logs, evidence linkage, versions.
CC-19 Documentation & External Disclosure: Internal docs and regulator-ready dossier.
CC-20 Training, Competence & Awareness: Role-based training of control owners.
CC-21 Auditability & Assurance: Testable controls and evidence sufficiency.
CC-22 Decommissioning & Retention: Retirement, archives, disposal.
CC-23 Industry-Specific Safeguards: Sector-specific requirements and evidence.

Audit-ready in one platform.

SecOps + AI governance on shared control and evidence foundations — for internal teams, external assessors, and customer due diligence.