We help you turn AI governance into a commercial advantage with enterprise buyers.

Enterprise customers are starting to include AI-assurance in their procurement process, we make sure you get in before it costs you the deal.

The engagement

A two-phased approach.

First, we set the baseline: clear, evidenced picture of where AI lives in your organisation, what is to governed or not, where the gaps are, and what fixing them will involve. You can stop after there and still have artefacts your organisation can use dowm the line. If you proceed, its fee is credited and the build starts from the scope the first phase already established.

01 · Setting the Baseline

AI Footprint Map

Know exactly where AI lives in your organisation, what's yours to govern, where the gaps are, and what fixing them will involve.

Artefact
What you get
Why it’s included
AI-footprint process map

What you get

A visual document capturing all processes, identifying and showing where AI is used in those processes, by whom, how and why.

Why it’s included

You can't govern what you can't see. It is the foundation required to understand how AI is deployed and used within your organisation.

AI & systems register

What you get

This is the operational inventory and the single source of truth of your organisation's AI assets. It can also be referred to in your organisational policies (e.g. list of authorised AI tools in your AI policy).

Why it’s included

Building the AI & systems register leads to the discovery and identification of additional AI risks and ensure ownership of AI systems within your organisation.

Supply-chain role determination

What you get

Clarify which roles (AI producer, AI deployer, AI customer, AI subject) your organisation serves in the supply chain to target controls that are actually relevant.

Why it’s included

This informs the scope of your AI Governance Build

Draft build scope + fixed-price proposal

What you get

An evidence-based, fixed-price plan to take the findings of the first phase and implement actional, compliant and auditable AI governance controls.

Why it’s included

Makes the build decision concrete and de-risked. This first phase effectively pays for itself by pricing the build accurately rather than by guesswork.

02 · Implementing core foundations

AI Governance Build (aligned with ISO 42001)

Put the controls, records, and evidence in place so you can answer your buyers' AI-assurance questions and prove your organisation governs AI safely and responsibly.

Artefact
What you get
Why it’s included
Integrated risk register (AI × Privacy × InfoSec)

What you get

One register that covers AI, privacy and security risk so you stop unknowingly stockpiling business risks.

Why it’s included

Building your organisation's risk register allows identification and risk assessment evidence-based. It also makes your required and missing critical controls obvious.

Controls Implementation

What you get

Implementation of risk treatment plan and key controls.

Why it’s included

Turns findings of all the previous work into action.

Completed AI-CAIQ self-assessmentscoped to your role, evidenced

What you get

You can finally answer the AI-assurance questionnaire, with real evidence for the controls that are yours, cleanly attributing the rest to your providers.

Why it’s included

It's the recognised instrument enterprise buyers and CSA's STAR programme use. This is the artefact that directly unblocks procurement and facilitate the sales process with enterprise buyers.

Enterprise buyers start asking for proof.

We help you provide it so you can close more deals.

Where the requirement bites first

Built for the sectors that get asked earliest.

// edtech

Education

Children's data and safeguarding — what schools and partners check before they'll pilot or buy.

// health

Health data

The trust foundation clinical and enterprise partners look for before they sign.

// finance

Financial data

Customer and regulatory expectations around AI and sensitive data.

// mission

Mission & sensitive data

Donor due diligence and the duty to protect the people you serve.

Lead Implementer

ISO/IEC 42001 — trained (PECB)

Standards-table

Previously active in BSI & ISO/TC 307

Sakshi benchmark

AI behavioural evaluation

Real delivery

Fintech · health · education · mission

FAQ

Does this make me ISO certified?

No — but it puts you on a solid foundation based on best practices and recognised standards (ISO 27001 and ISO 42001), with real evidence and defensible answers for most customer and funder questions. It is also the right base if you decide to pursue ISO certification later.

How long does the full engagement take?

This is based on the size of your organisation and scope

Can I stop after the 'AI Footprint Map' phase?

Yes. This first phase delivers usable artefacts on its own (the AI-footprint maps, the register, the role determination, and a scoped build proposal). You take them and use them, whether or not you proceed to the build.

What does the diagnostic guarantee cover?

It's a deliverable-based guarantee: you get the artefacts, or you get your money back. And if you proceed to the build, the diagnostic fee is credited to ensure you don't pay twice for scope work.

I run a non-profit or mission organisation. Is this for me?

Yes. Funders increasingly require evidence of AI governance in due diligence. The engagement gives your organisation a proportionate way to meet that without a compliance team.

Do I need to be technical or nobody in my team is familiar with ISO 42001?

No. We explain ISO 42001 in plain English and carry you through the decisions.

What if I need something bigger, or full ISO 42001 certification?

Then the Foundations engagement could still the right starting point — the artefacts you build here are exactly what the full ISO/IEC 42001 engagement takes forward. However, please contact us so we can discuss your needs and requirements. See the ISO 42001 service →

Turn AI governance in competitive advantage to close bigger deals, faster.