Bring AI into
governance posture.

For institutions bringing AI into their governance, risk, and compliance practice. We help you identify the processes and stacks where AI is actually involved, map them against the frameworks that apply to you, and put the evidence pipeline in place that those frameworks expect.

Duration
6–10 weeks
Team
Governance lead + senior engineer
Outcome
Inventory · gap map · evidence pipeline
Format
Hybrid — mostly remote
What we set up with you

Three things in place.

01

An inventory of where AI meets your business.

Models, agents, retrieval pipelines, decision points — we identify and document where AI is actually involved in processes that matter, so it stops being a surprise for risk and compliance.

02

A gap analysis against the frameworks that apply.

We translate that inventory into the language each relevant framework uses — for example EU AI Act, DORA, NIS2, MiFID II, FINMA, or ISO 42001 — and surface where evidence is in place and where it isn't.

03

A working evidence pipeline.

Sign-offs, trace-hashes, replayable decisions — collected as your systems run rather than reconstructed before a review. Ready when a reviewer asks.

How it runs

Phased, then continuous.

  1. Phase 1

    Identify (weeks 1–2)

    We map where AI is involved across your processes and stacks, identify the frameworks that apply, and understand what evidence you already produce today.

  2. Phase 2

    Build (weeks 3–8)

    Set up the Evidence-Pack pipeline. Map existing logs and sign-offs into a shared structure. Walk it through end-to-end against a first framework to validate the approach.

  3. Phase 3

    Rehearse (weeks 9–10)

    Internal mock-review with our governance lead playing the external reviewer. Findings become the improvement list — before a real reviewer asks the same questions.

  4. Ongoing

    Operate

    Hand-off to your team. Optional retainer for updates as frameworks evolve and new AI touchpoints appear.

What ships

Concrete artefacts.

  • Inventory of AI touchpoints across processes and stacks.
  • Gap analysis against the frameworks that apply to you.
  • Evidence-Pack pipeline wired into your existing logs.
  • Sign-off chain definitions per workflow.
  • Mock-review report + improvement list.
  • Runbook for ongoing evidence operations.

Start with a briefing.

Thirty minutes to understand where your AI use sits today and what readiness would look like. No commitment.

Request briefingAll services