What’s inside
Policies
Define and assign governance rules, evaluate them against runs, score compliance.
Evidence
Collect, review, and approve evidence — automated or manual.
Assessments
Dynamic questionnaires with weighted scoring.
Risk Dashboard
Six-dimensional risk score per app, rolled up to the org.
AI Registry
Catalogue of models, deployments, and ownership.
How governance fits together
The AI Registry is the inventory layer — what exists in your portfolio. Policies and Assessments produce the inputs to risk scoring. Evidence is the artefact layer that proves controls are met. Risk rolls up the four into a single per-app score, and Compliance translates the score into framework-specific status.When to start where
Related resources
Compliance
Map controls to EU AI Act, NIST AI RMF, and ISO 42001.
Observability
The telemetry that policies and risk scoring read from.

