Full AI GRC Assessment

Complete assessment of AI Governance, Risk and Compliance based on ISO 42001, CIS Controls, and NIST CSF frameworks

Assessment Instructions

This assessment evaluates your organization's AI Governance, Risk and Compliance (GRC) maturity across seven key domains. Follow these steps to complete the assessment:

  1. For each domain, answer all assessment questions based on your organization's current practices.
  2. Provide evidence to support your compliance status for each control.
  3. Document gaps and remediation plans for areas of non-compliance.
  4. Prioritize remediation actions based on risk level and implementation complexity.
  5. Track progress over time by conducting regular reassessments.

You can complete the assessment online using the interactive form below, or download domain-specific checklists for offline completion.

This assessment is designed to be a "living document" that can be used for both pre-engagement and post-engagement client assessments.

Domain 1: AI Governance and Risk Management

1.1 AI Governance Structure

Has your organization established a formal AI governance structure with defined roles, responsibilities, and reporting lines, including a Chief AI Security Officer (CAISO) or equivalent role?

1.2 AI Risk Management Framework

Has your organization implemented a comprehensive AI risk management framework that identifies, assesses, mitigates, and monitors AI-specific risks?

Domain 2: AI Data Governance and Privacy

2.1 AI Data Governance Framework

Has your organization established a data governance framework specific to AI training and operational data, including policies, procedures, and oversight mechanisms?

2.2 Bias Assessment and Mitigation

Has your organization implemented processes to identify, measure, and mitigate bias in AI training data to ensure fair and equitable AI system outputs?

Domain 3: AI Model Development and Security

3.1 Secure AI Model Development Lifecycle

Has your organization implemented a secure AI model development lifecycle that includes security requirements, threat modeling, and security testing at each phase?

3.2 AI Model Documentation and Version Control

Has your organization established standardized documentation practices for AI models, including architecture, parameters, training methods, and version control?

Domain 4: AI Operations and Deployment

4.1 Secure AI Deployment Practices

Has your organization developed and implemented secure deployment procedures for AI systems, including configuration management, environment separation, and deployment verification?

4.2 AI System Monitoring

Has your organization implemented continuous monitoring solutions for AI systems that detect security anomalies, unexpected behaviors, and performance issues?

Domain 5: AI Incident Response and Recovery

5.1 AI-Specific Incident Response Procedures

Has your organization developed and implemented AI-specific incident response procedures that address unique AI failure modes, security incidents, and ethical breaches?

5.2 AI System Rollback Capabilities

Has your organization implemented and tested AI system rollback capabilities, including version control, configuration backups, and deployment automation?

Domain 6: AI Transparency and Explainability

6.1 AI Transparency Policy

Has your organization established a formal AI transparency policy that defines requirements for disclosing AI use, capabilities, limitations, and decision-making processes to stakeholders?

6.2 AI Explainability Mechanisms

Has your organization implemented appropriate explainability mechanisms for AI systems based on risk level, use case, and stakeholder needs?

Domain 7: AI Literacy and Training

7.1 AI Literacy Program

Has your organization developed and implemented an AI literacy program that provides foundational knowledge about AI concepts, capabilities, limitations, and risks to all relevant stakeholders?

7.2 Specialized AI Training

Does your organization provide specialized training for key roles involved in AI governance, development, deployment, and use, including technical, ethical, and compliance aspects?

Assessment Summary

Compliance Status

Status                Count   Percentage
Compliant             0       0%
Partially Compliant   0       0%
Non-Compliant         0       0%
Not Applicable        0       -

Overall Compliance Score

0%

The overall compliance score awards one point for each compliant control, half a point for each partially compliant control, and no points for non-compliant controls; it is reported as a percentage of the points available for the applicable controls. Not applicable controls are excluded from both the points earned and the points available.
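As an added illustration (not part of the assessment tool itself), the following Python snippet applies the scoring rule above to a constructed set of answers for the fourteen controls, including the case where no control is applicable. It assumes the Percentage column is taken over applicable controls, which is why Not Applicable shows none.

```python
"""Added example: build the Assessment Summary table and the overall
compliance score from a set of control answers.  This is not the
assessment page's own code; the answers below are constructed sample data."""
from collections import Counter

# Points per status, as stated in the scoring rule on the page.
POINTS = {"compliant": 1.0, "partially_compliant": 0.5, "non_compliant": 0.0}
NOT_APPLICABLE = "not_applicable"
STATUSES = list(POINTS) + [NOT_APPLICABLE]

# Constructed sample answers for the seven domains (two controls each).
SAMPLE_ANSWERS = {
    "1.1": "compliant",           "1.2": "partially_compliant",
    "2.1": "compliant",           "2.2": "non_compliant",
    "3.1": "partially_compliant", "3.2": "compliant",
    "4.1": "compliant",           "4.2": "partially_compliant",
    "5.1": "non_compliant",       "5.2": "partially_compliant",
    "6.1": NOT_APPLICABLE,        "6.2": "compliant",
    "7.1": "compliant",           "7.2": "partially_compliant",
}


def _applicable(answers):
    """Return the statuses of controls that count toward the score."""
    for status in answers.values():
        if status not in STATUSES:
            raise ValueError(f"unknown status: {status!r}")
    return [s for s in answers.values() if s != NOT_APPLICABLE]


def summarize(answers):
    """Return {status: (count, percentage)} for the summary table.

    Percentage is over applicable controls (assumption); it is None for
    Not Applicable, matching the '-' shown in the table.
    """
    applicable = _applicable(answers)
    counts = Counter(answers.values())
    table = {}
    for status in STATUSES:
        count = counts.get(status, 0)
        if status == NOT_APPLICABLE or not applicable:
            pct = None if status == NOT_APPLICABLE else 0.0
        else:
            pct = round(100 * count / len(applicable), 1)
        table[status] = (count, pct)
    return table


def overall_score(answers):
    """Score as a percentage of points available; 0.0 when nothing is applicable."""
    applicable = _applicable(answers)
    if not applicable:  # all N/A or no answers: avoid dividing by zero
        return 0.0
    earned = sum(POINTS[s] for s in applicable)
    return round(100 * earned / len(applicable), 1)
```

With the sample answers, 6 compliant and 5 partially compliant controls earn 8.5 of 13 available points, an overall score of 65.4%.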

Assessment Resources

Downloads

  • Executive Summary
  • Question Matrix
  • Complete Assessment Package
  • All Downloadable Resources

Assessment Tips

Evidence Documentation: Provide specific, verifiable evidence for each control. Include document names, policy references, and implementation examples.
Remediation Planning: Focus on actionable steps with clear ownership and timelines. Prioritize based on risk level and implementation complexity.