AI Governance Suite
Audit-ready AI governance as working software, not slide decks
Everything you need to prove your AI is under control: risk assessments, policies, and training records mapped to federal requirements. Ready when the auditors ask.
Governance MCP tools: 8
Framework crosswalks: 6
Regulated verticals covered: 5
Evidence integrity: SHA-256 chained
The problem
EU AI Act enforcement and OMB M-25-21 mandates are live, and fines reach 3% of global revenue. 91% of mid-market companies use GenAI, but enterprise governance platforms start at $100K/year. Mid-market and public-sector teams are priced out of compliance.
What we built
Built GovernanceIQ as an MCP server: ask Claude to assess an AI use case and it scores risk, classifies high-impact AI under M-25-21, identifies required controls, and drafts an audit-ready compliance plan in minutes.
Encoded the regulatory knowledge as data, not prose: crosswalk tables mapping NIST AI RMF controls to EU AI Act articles, ISO 42001 clauses, CMMC, HIPAA, and FINRA requirements — queryable from a CLI or MCP tool.
Designed Compliance Literacy around evidence: every cohort produces a hash-chained manifest (rosters, role calibration, quiz scores, regulatory mappings) that an auditor can verify artifact-by-artifact.
Packaged all three as engagement-driven products with defined deliverables — the anti-pattern to open-ended consulting.
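An added example, not the product's own code, of how an auditor could verify a SHA-256 hash-chained manifest artifact by artifact. The entry fields, the all-zero genesis value, the pinned head hash and the sample file names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first entry's "prev"

def entry_hash(prev, name, sha256):
    # Canonical JSON so an entry always serialises to the same bytes.
    body = json.dumps({"prev": prev, "name": name, "sha256": sha256},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def build_manifest(artifacts):
    """artifacts: dict of name -> bytes, chained in insertion order."""
    manifest, prev = [], GENESIS
    for name, data in artifacts.items():
        digest = hashlib.sha256(data).hexdigest()
        link = entry_hash(prev, name, digest)
        manifest.append({"name": name, "sha256": digest,
                         "prev": prev, "entry_hash": link})
        prev = link
    return manifest

def verify_manifest(manifest, artifacts, pinned_head=None):
    """Return a list of findings; an empty list means everything checked out."""
    findings, prev = [], GENESIS
    for i, e in enumerate(manifest):
        if e["prev"] != prev:
            findings.append(f"{i} {e['name']}: chain link broken")
        if entry_hash(e["prev"], e["name"], e["sha256"]) != e["entry_hash"]:
            findings.append(f"{i} {e['name']}: manifest entry altered")
        data = artifacts.get(e["name"])
        if data is None:
            findings.append(f"{i} {e['name']}: artifact missing")
        elif hashlib.sha256(data).hexdigest() != e["sha256"]:
            findings.append(f"{i} {e['name']}: artifact content changed")
        prev = e["entry_hash"]
    # A chain rebuilt from scratch is internally consistent, so the head must
    # also match a value the auditor obtained out of band (or a signature).
    if pinned_head is not None and prev != pinned_head:
        findings.append("head hash does not match pinned value")
    return findings

# Constructed sample artifacts for one training cohort (not real data).
SAMPLE = {
    "roster.csv": b"id,role\n1,analyst\n2,engineer\n",
    "quiz_scores.json": b'{"1": 92, "2": 88}',
    "regulatory_mapping.json": b'{"module-1": "placeholder-clause"}',
}
```

The chain alone only shows internal consistency; the pinned head (or a signature over it) is what ties the manifest to the version originally issued.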
Architecture
Outcomes
- M-25-21 use-case assessment compressed from weeks of consulting to a minutes-long, repeatable AI workflow
- One query returns a control's obligations across six frameworks simultaneously: the crosswalk auditors actually want
- Training evidence that survives an audit: signed, hashed, and mapped to specific regulatory clauses
- Informed by lived governance experience: Vice Chair of a federal AI Governance Board, former Chief AI Officer
Stack