If your buyer, your auditor, or the EU AI Act is asking: you have a date. We have a 90-second triage and a senior practitioner who has shipped the controls, not just read the standard.
Already running SOC 2 / ISO 27001? See the broader services menu →
We map each control once: once written, every applicable framework references the same evidence. You answer a vendor questionnaire in hours, not weeks.
Pick the closest. The triage adapts to your answer.
Domain determines which regulatory regime applies, regardless of what you build.
Autonomy level is the single biggest driver of risk tier under EU AI Act & ISO 42001 §8.
Pick all that apply. Untrusted-content boundaries are scoped from this answer.
Pick all that apply. Output type drives evaluation, monitoring, and audit trail requirements.
Non-human identity (NHI) sprawl is the most common gap we find in mid-stage AI deployments.
Pick all that apply. This determines which framework the diagnostic prioritizes.
Triage's recommendation depends as much on stage as on system shape.
Synthesizing your answers against the 2025 OWASP LLM Top 10, NIST AI RMF Generative AI Profile, ISO/IEC 42001 §6–§9, and the EU AI Act risk classification.
No PII required. Answers are evaluated client-side; nothing is transmitted unless you click Send to senior practitioner. Triage is a diagnostic, not a control. The verdict reflects our professional judgment under the cited frameworks and is not legal advice.
We've inherited five programs that were already paid for. Here's what they had in common: so you can avoid spending the money twice.
An ISO 42001 policy is meaningless if you cannot list, on one page, the AI systems it covers. Inventory comes first: model, host, data flow, intended use, risk tier. Twenty-line registers beat sixty-page policies, every time.
CIA triad does not cover AI risk. You need at minimum seven additional categories: confabulation, value-chain integrity, dangerous-capability emergence, NHI sprawl, prompt-injection, training-data IP, and human-oversight failure. Nexurion Field Notes, Vol. II, lays them out.
If your governance evidence requires a PhD to interpret, the auditor: and your board: will not stress-test it. We translate eval output into Annex-A and Article-15 evidence a non-ML reader can sign their name to. Engineering keeps the suite; governance owns the readout.
A tool-using agent is a non-human identity, a privileged service, a delegation chain, and an action surface: all at once. Most IAM programs cannot describe what an agent is allowed to do, when, on whose behalf, and with what audit trail. This is the gap that will define '26.
Vanta-AI, Drata-AI, Credo, and the rest are useful: once you have a program for them to instrument. We've seen six-figure platform spends on companies that could not name their AI systems on the first call. Sequence: program, then platform.
Barred attorney. Global privacy leader with a product-embedded practice. Carries the AIGP: the IAPP's AI Governance Professional credential: alongside the full IAPP stack (CIPP, CIPT, CIPM, FIP). Built privacy programs revenue-adjacent in tech; carries the lawyer-grade rigor most AI governance work pretends to have.
Cybersecurity and GRC practitioner. Master's in cybersecurity on a health-informatics foundation. Built GRC programs ground-up, led audit readiness through SOX and PCI, owned third-party risk and data privacy in fast-paced tech. Translates frameworks into the operating evidence auditors and regulators accept.
Two senior leads on every AI governance engagement. · Bench expandable on senior demand · See the full firm bench →
We map each control once. Inventory, risk tiering, lifecycle, agent identity, evaluation, and evidence run as one system: so a buyer questionnaire or an auditor request resolves in hours, not six disconnected framework projects.
↳ Select a framework above to read how we scope it: control map, typical timeline, and where programs tend to stall.
Published December 2023. The first internationally certifiable management-system standard for artificial intelligence. Plan-Do-Check-Act, but written for systems that learn.
If you've been certified to ISO 27001, the structure will feel familiar: context, leadership, planning, support, operation, performance, improvement. The substance is different. You are governing not the data, but the model that mutates because of the data.
Annex A defines nine control areas and roughly forty controls. The hard ones aren't the policies: they're the impact assessment (Annex B), the lifecycle controls (data, design, deployment, post-market monitoring), and the supplier-AI controls when a foundation model sits inside your product.
We have written three full AI governance practice since the standard published. Two have certified; one is in stage-2 audit as of Q2 '26. One of a small number of US firms with that lived count.
Pursue ISO 42001 only when an enterprise buyer has named it, when you ship to the EU, or when your investors are asking. Otherwise: start with the AI RMF profile and build toward 42001 over twelve months. The standard is real; the rush to certify is not.
Published January 2023. Voluntary. The vocabulary the rest of US AI policy is built on: and the one the EU AI Act, OMB M-24-10, and FedRAMP have all quietly adopted.
The framework is four functions: Govern, Map, Measure, Manage: and the genius of it is that it doesn't tell you which controls to implement. It tells you which questions to be able to answer about each system you ship.
NIST has since released the Generative AI Profile (NIST-AI-600-1) and cross-walks to ISO 42001, ISO 23894, and the EU AI Act. The profile is where the GenAI-specific risks live: confabulation, dangerous capability emergence, value chain integrity, and the eight other categories in §3.
The AI RMF is not certifiable. It is the readiness baseline we build from on every engagement, regardless of which framework the client ultimately certifies to.
Every AI-touching engagement starts with an AI RMF profile, Govern controls first, then Map the systems, then Measure what you can. Most clients spend 6–10 weeks here before they decide what to certify. That sequencing saves money.
In force August 2024. Phased application through 2027. Extra-territorial: if your model is used by a person in the EU, you are in scope, no matter where you are headquartered.
The law tiers AI systems into four risk classes: prohibited (Art. 5: social scoring, certain biometric categorisations), high-risk (Art. 6, Annex III use cases plus Annex I products), limited risk (transparency obligations under Art. 50), and minimal risk (no specific obligations).
For high-risk systems, the obligations are substantial: risk management system, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy & cybersecurity, conformity assessment, post-market monitoring, and registration in the EU database. General-purpose AI models (Art. 51–55) carry their own regime.
Penalties top out at €35M or 7% of worldwide turnover for prohibited-practice violations, €15M or 3% for high-risk obligations, €7.5M or 1% for false information.
If you sell into the EU, the question is not "do we comply": it is "can we prove we comply by August 2026." Our deliverable is a tiering memo, an Article-by-Article gap analysis, and the conformity-assessment plan. Twelve weeks, fixed-fee.
Published 2026. The first standard built specifically for AI agents: refreshed quarterly, grounded in independent technical testing, and structured for enterprise adoption. Phil Venables (ex-Google Cloud CISO): "SOC 2 for AI agents."
Developed with 100+ Fortune 500 CISOs and technical contributors including MITRE, Stanford, Cisco, ElevenLabs, OWASP, and UiPath. Operationalizes the OWASP Agentic Top 10, Cisco's AI Security Framework, and MITRE ATLAS into a certifiable control set. Schellman is the first accredited auditor; ElevenLabs the first voice-AI company to achieve certification.
The standard is forward-looking by design: where SOC 2 is a backward-looking attestation, AIUC-1 requires forward-looking policies, ongoing adversarial testing, and at-least-quarterly retesting. Certification displays for 12 months: conditional on continued technical compliance.
Coverage is structured across six domains: Data & Privacy, Security, Safety, Reliability, Accountability, and Society: with explicit crosswalks to ISO 42001, NIST AI RMF, EU AI Act, MITRE ATLAS, and OWASP LLM Top 10.
If you ship agentic AI, AIUC-1 is the standard your enterprise buyers will start asking for. ISO 42001 is the management-system layer; AIUC-1 is the operating-controls layer. We run them together: 42001 establishes the AIMS, AIUC-1 evidences that the AIMS actually does what it says.
The readiness baseline. System inventory, risk tiering, Govern controls in writing, and a Map–Measure plan you can run for the next two quarters.
Full Annex-A package, AIMS scope statement, Annex-B impact assessments, and stage-1 / stage-2 audit liaison through certificate issuance.
Tiering memo, Article-by-Article gap analysis for in-scope systems, technical documentation per Annex IV, and the conformity-assessment plan.
The 2026 problem: governing non-human identities, MCP servers, and tool-using agents. Inventory, scoping, audit trail, and the runtime guardrails.
Embedded fractional leadership. JD-credentialed vDPO with AI-governance specialty, on retainer. Board reporting, EU representation, regulator liaison.
The we-already-paid-for-this engagement. Diagnostic of an in-flight or completed AI-governance program: what's defensible, what's gap, what we'd cut.
Nexurion Field Notes is our quarterly position paper. It's where we publish our updated threat model, our regulatory read, and the controls we're building before the standards body gets to them. Named for Claude Shannon, who taught us that signal is what survives the channel.
Each issue: the revised threat model, a regulatory read across NIST / ISO / EU / OMB, the controls we're shipping before the standards bodies get to them, and the field arguments we've made to auditors and boards.
Thirty minutes with a senior AI-governance practitioner: someone who has shipped models, not someone who has read a slide deck about them. We'll review the system you're building, the regulators or buyers in your future, and the trigger that brought you here.
You'll leave with a recommended module, a realistic timeline, and a fee range: even if the recommendation is "don't engage us yet."
We'll send a written statement of work within forty-eight hours of the call, or a short memo of what we'd advise instead. No pitch deck, no nurture sequence.
Nexurion Field Notes, Vol. I, will be in your inbox the next morning either way.