See all

Govern & Comply

22 items

GOVERN

AI Governance & Acceptable Use Kit

$39

Six editable policy templates for the moment an enterprise prospect, insurer, or auditor asks.

GOVERN

EU AI Act Readiness Kit

$249

Inventory your AI systems, classify each into the right risk tier, run a 30-item gap assessment, and produce the documents (FRIA, system cards, vendor reviews) — plus a cross-framework register (EU AI Act ↔ ISO 42001 ↔ NIST AI RMF). A working aid, not legal advice.

GOVERN

NIST AI RMF Readiness Kit

$149

Stand up AI governance mapped to the NIST AI RMF (Govern/Map/Measure/Manage): a readiness assessment, AI use-case register, maturity scorecard, model cards, and a vendor-questionnaire answer bank, crosswalked to ISO 42001 and the EU AI Act. A tool that won’t bless a high-impact, no-oversight use case. Governance guidance, not legal advice.

GOVERN

ISO 42001 AIMS Readiness & Gap Diagnostic

$249

Score your AI Management System across the six ISO 42001 clause-groups and find the one blocking certification — the weakest mandatory control decides, never the average. Returns CERTIFIABLE / GAPS TO CLOSE / NOT READY with a mandatory-clause gate and the exact fixer to buy next. A readiness diagnostic, not an ISO 42001 certification or audit; not legal advice.

GOVERN

AI Risk Register & Treatment-Tracking System

$99

A living AI risk register that grades its own defensibility. Mark six governance fields per risk (likelihood, impact, treatment, owner, residual, review) and get GOVERNED / GAP / UNGOVERNED per entry and DEFENSIBLE / GAPS TO CLOSE / NOT DEFENSIBLE for the register, with a dispositive accepted-high-residual gate that catches the severe risk nobody owns. A working aid, not a risk assessment or legal advice.

GOVERN

AI Impact Assessment Builder

$99

Build and grade one AI system's impact assessment — rated on its worst unmitigated impact, never an average. Score each impact on severity, likelihood, reversibility, and affected-population scale; mitigation reduces it to a residual; MITIGATED / RESIDUAL / UNACCEPTABLE per impact, DEFENDED / GAPS REMAIN / NOT DEFENSIBLE overall, with an irreversible-harm-to-vulnerable-group gate. EU AI Act Art. 27 / ISO 42001 Annex A. A working aid, not legal advice.

GOVERN

Model & System Card Builder

$69

Build and grade a model or system card so it informs the reader instead of over-claiming. Mark seven disclosure sections 0-2 for a completeness score, plus a dispositive claim-vs-evidence gate — a card that makes a performance or fairness claim it can't back is forced NOT PUBLISHABLE no matter how complete it looks. DISCLOSED / THIN / MISSING per section, PUBLISHABLE / DRAFT / NOT PUBLISHABLE overall. Model-card norms + EU AI Act Art. 13.

GOVERN

Automated-Decision Transparency & Disclosure Scorecard

$79

A machine decided about a person — a credit denial, an insurance tier, a tenant score, a benefits cut. Could you show you told them, explained it, and gave them a way to be heard? Grade each automated decision system on six weighted controls (disclosure, meaningful-logic explanation, human appeal, opt-out/correction, scope mapping, recordkeeping) for a 0-100 score and DISCLOSED / GAPS / UNDISCLOSED, with a told-and-recourse gate that forces UNDISCLOSED when the person was never told it was automated, or has no recourse at all — even at 66/100. Date-agnostic (the duties converged; the dates churn) and people-blind — it grades a decision system, never a person. Runnable engine + workbook + Disclosure Mapping & Transparency-Remediation playbooks + a 6-system sample. The everywhere-else sibling to the AEDT Deployer Dossier. Not legal advice.

GOVERN

AEDT Deployer Compliance Dossier

$99

Find out whether you could defend an automated employment decision tool before a regulator or candidate asks. Mark six weighted compliance controls 0/1/2 (an independent bias audit and pre-use candidate notice are gates) for a 0-100 score — DOSSIER READY / OPEN GAPS / NOT DEFENSIBLE — with a worsen-only two-trigger gate that forces NOT DEFENSIBLE when there's no independent audit (vendor self-attestation doesn't count) or candidates were never notified, even at 76/100. Names the control to close first; rolls a portfolio up to ALL DEPLOYABLE / CONDITIONS OUTSTANDING / PULL FROM USE. Calibrated to the highest-bar US jurisdiction — NYC Local Law 144, Illinois HB 3773, California FEHA. Runnable Python engine + workbook + dossier-assembly & gap-closure playbooks + a 6-tool sample. Full-regulated: a readiness aid that grades the deployer's evidence file, not a bias audit, certification, or safe harbor, and scores no candidate. Not legal advice — confirm your obligations with an employment attorney.

GOVERN

AI Incident Reporting & Regulatory-Notification Drill

$79

An AI incident starts a regulatory clock you can't see. Rehearse it before it's real: drill each incident scenario on six weighted controls (detection-to-awareness, severity & regime triage, a named clock-starter, regulator contact map, drafting path & register, cross-track coordination) for a 0-100 score and NOTIFIABLE-READY / TIGHTEN / WOULD MISS THE CLOCK, with a dispositive clock-start gate that forces WOULD MISS THE CLOCK when you couldn't establish the clock has started or no one can start it — even at 82/100. Date-agnostic: it grades the process, never a deadline, so it survives every regime change. Runnable engine + workbook + Drill Facilitator & Notification-Readiness playbooks + a 6-scenario sample. The notification-side companion to the AI Incident Postmortem & Readiness Gate. Grades a process, never people. Not legal advice.

GOVERN

"Pass a 90-Day AI Audit?" Readiness Triage

$79

If an auditor asked for your AI governance evidence in 90 days, would you pass? Triage seven control domains to an AUDIT-READY / PATCHABLE / WOULD NOT PASS verdict — with a no-owner gate that fails any in-scope control nobody owns, no matter how high the score. Names the one domain to fix first. A readiness self-assessment, not legal advice.

GOVERN

AI Agent & Connector Access Auditor

$99

Audit what your AI agents, MCP servers, and OAuth connectors can actually touch. Scores each connector's access risk — least-privilege, over-scoped, or ungoverned — and rolls the fleet up to GOVERNED / DRIFTING / EXPOSED, with a dispositive gate for an unowned connector that can write regulated data. Deterministic, offline, scores connectors not people.

GOVERN

AI Output Audit-Trail & Record-Keeping Kit

$79

Audit your record of AI usage — not the output itself — for whether each entry is defensible: who generated it, with what tool, when, for what decision, who reviewed it, and where the source is. Returns LOGGED / PARTIAL / NO TRAIL per entry and a TRACEABLE / GAPS / UNRECORDED org rollup, with a structural gate where one untraceable high-impact decision makes the whole org UNRECORDED. Runnable Python auditor + workbook. Record-keeping discipline, not legal advice.

GOVERN

AI Deliverable Claim & Citation Defensibility Gate

$79

Grade a finished AI-assisted deliverable — memo, report, proposal, case study — claim by claim before it ships. Mark five 0/1/2 signals per claim (citation present, reachable, source actually supports the claim, fabrication-free, internally consistent) weighted to 100, flag which claims are material, and get per-claim SUPPORTED / CHECK / UNSUPPORTED plus a deliverable verdict: DEFENSIBLE / VERIFY FIRST / DO NOT SHIP, with a batch rollup. A keystone gate forces DO NOT SHIP whenever one material claim rests on an unreachable or fabricated citation — so a deliverable can score 89/100 and still be held, because the failure is local and a high average hides it. Names the one claim to fix first. Runnable Python engine + workbook + claim-review & fix-the-citation playbooks + a 9-claim sample. The substance layer beside the Audit-Trail Kit (provenance) and Anti-Slop System (voice). A review aid that grades claims, never people; not an automatic fact-checker; not legal advice.

GOVERN

Customer-Facing AI Output Risk Triage

$79

Triage every customer-facing AI surface — support bot, chat widget, AI product-page copy, FAQ generator — on liability exposure before the next answer goes out. Mark six 0/1/2 control signals per surface (regulated-claim control, policy-invention control, human exit ramp, performance-claim control, source grounding, scope & disclosure) weighted to 100 and get per-surface LOW / REVIEW / HIGH RISK, a set posture, and the highest-risk surface to fix first. A keystone gate forces HIGH RISK whenever a surface can state policy with no grounding AND offers no human escalation — the pattern behind the support-bot liability cases — so a surface with four of six controls green can still gate (the sample scores 58/100 and does). Close either gap and the gate releases. Runnable Python engine + workbook + surface-inventory & control-hardening playbooks + a 4-surface sample. Every HIGH RISK routes to human review, never a clearance. A risk-triage aid that grades the surface's controls, never people; not a live test of your systems; not legal advice.

GOVERN

Internal AI Handoff QA Gate

$79

Before you pass an AI-assisted memo, analysis, or summary to a colleague, gate it. Mark six 0/1/2 signals (sources reachable, figures traced, task advanced, owner edits, claims scoped, next action clear); the verdict is the weakest signal — HAND OFF / REWORK / DO NOT HAND OFF — with a dispositive worsen-only gate that forces DO NOT HAND OFF when a source is unreachable or a figure is untraced, even where the weakest signal alone would only read REWORK. The internal, peer-to-peer lane where 'workslop' spreads. Runnable Python engine + workbook that reproduces it + reviewer & fix-it playbooks + a 6-deliverable sample. Scores the deliverable, never the person; not for hiring or performance decisions; not legal advice.

GOVERN

AI Vendor & Sub-Processor Data-Flow Register

$89

Register every vendor, AI tool, and sub-processor that touches your data and grade whether each flow is governed — DOCUMENTED / GAP / UNVETTED per flow, REGISTER COMPLETE / GAPS TO CLOSE / NOT DEFENSIBLE per register. The required controls adapt to what the flow carries (a regulated cross-border flow needs a DPA, retention, sub-processors, and a transfer mechanism), and one ungoverned regulated flow (a shadow LLM API seeing PII with no DPA) holds the whole register NOT DEFENSIBLE — 67% documented notwithstanding. The records GDPR Art. 28/30 contemplate. Runnable Python engine + workbook. A working aid, not legal advice.

GOVERN

AI Governance Maintenance Plan

$499/yr

Keep your AI governance from drifting: a light quarterly rhythm — re-assessment, new-hire training, change-watch updates, and a leadership report — plus refreshed templates while you're subscribed. Runs after the Governance Starter Bundle. A maintenance aid, not legal advice.

GOVERN

AI Notetaker Compliance Tripwire

$79

Seventy percent of RIAs run an AI meeting notetaker and regulators treat an ungoverned one like an unauthorized texting app. This tripwire grades each tool/deployment on six weighted controls — client consent before capture and human review before notes enter the record are FATAL — for a 0-100 score and DEFENSIBLE / GAPS / NOT DEFENSIBLE per tool, with a worsen-only gate: either fatal control at zero forces NOT DEFENSIBLE no matter the score. The firm rolls up to its worst tool (ALL DEFENSIBLE / GAPS TO CLOSE / STOP AND FIX). Runnable Python engine + workbook + audit & remediation playbooks + a 5-tool sample. Grades the process, never a person; renders no legal ruling and takes no position on whether AI summaries are books-and-records. Not legal advice.

GOVERN

Marketing-Rule Testimonial & Promoter Audit

$79

Grade every testimonial, endorsement, and paid promoter under SEC Marketing Rule 206(4)-1. Mark each arrangement on six weighted controls — required disclosures clear & prominent (FATAL) and a written promoter agreement (FATAL only for a compensated, over-de-minimis, non-affiliate promoter) plus compensation/conflicts disclosed, bad-actor screen, claims substantiated/net shown, and ad-copy recordkeeping — for a 0-100 score and COMPLIANT / GAPS / NON-COMPLIANT per arrangement. A conditional worsen-only gate fires exactly where the rule requires it, so an identically-marked de-minimis twin stays COMPLIANT while the compensated one fails. Campaign rolls up to its worst arrangement (ALL COMPLIANT / GAPS TO FIX / PULL OR FIX). Runnable Python engine + workbook + audit & remediation playbooks + a 6-arrangement sample. Grades the arrangement, never a person; renders no legal ruling and confirms no compliance status. Not legal advice.

GOVERN

Advisory-Firm AI Exam Defensibility Audit

$99

Would your RIA’s AI use survive an SEC or state exam? A deterministic self-assessment across the six exam-surface domains an examiner probes when a firm uses AI — AI in marketing (20, fatal), books & records for AI outputs (20, fatal), supervision & written policies (18, fatal), vendor AI oversight (16), client disclosure & Form ADV (14), AI communications capture (12) — marked 0/1/2 on your own evidence for a 0-100 score banded EXAM-READY / OPEN FINDINGS / NOT DEFENSIBLE. A dispositive fatal-domain gate forces NOT DEFENSIBLE when any of the three fatal domains is zero, because each draws a deficiency letter on its own — so a firm can score 73 and still be NOT DEFENSIBLE with books-and-records at zero. Portfolio rolls up to the worst branch (ALL EXAM-READY / FINDINGS TO CLOSE / DEFICIENCY LIKELY) with the domain to fix first. Date-agnostic and people-blind. Runnable Python engine + workbook + assessment & remediation playbooks + a 5-firm sample. Grades a firm’s evidence file, renders no legal ruling, scores no person. Not legal advice.

KIT

Vendor ISO-42001 Procurement Evidence Scrutiny Kit

$69

Scrutinize whether a vendor's claimed ISO/IEC 42001 evidence is real, accredited, and actually covers the AI system you're buying. Six 0/1/2 controls, a weakest-link verdict (ACCEPTED / VERIFY FIRST / REJECTED), and a dispositive gate that rejects evidence unconfirmable on both accreditation and scope. One .xlsx, deterministic. ISO does not certify — accredited bodies do; grades the evidence, never people.

Govern & Comply — RedHub AI