We help you turn AI governance into a commercial advantage with enterprise buyers.
Enterprise customers are starting to include AI-assurance in their procurement process, we make sure you get in before it costs you the deal.
The engagement
A two-phased approach.
First, we set the baseline: clear, evidenced picture of where AI lives in your organisation, what is to governed or not, where the gaps are, and what fixing them will involve. You can stop after there and still have artefacts your organisation can use dowm the line. If you proceed, its fee is credited and the build starts from the scope the first phase already established.
01 · Setting the Baseline
AI Footprint Map
Know exactly where AI lives in your organisation, what's yours to govern, where the gaps are, and what fixing them will involve.
What you get
A visual document capturing all processes, identifying and showing where AI is used in those processes, by whom, how and why.
Why it’s included
You can't govern what you can't see. It is the foundation required to understand how AI is deployed and used within your organisation.
What you get
This is the operational inventory and the single source of truth of your organisation's AI assets. It can also be referred to in your organisational policies (e.g. list of authorised AI tools in your AI policy).
Why it’s included
Building the AI & systems register leads to the discovery and identification of additional AI risks and ensure ownership of AI systems within your organisation.
What you get
Clarify which roles (AI producer, AI deployer, AI customer, AI subject) your organisation serves in the supply chain to target controls that are actually relevant.
Why it’s included
This informs the scope of your AI Governance Build
What you get
An evidence-based, fixed-price plan to take the findings of the first phase and implement actional, compliant and auditable AI governance controls.
Why it’s included
Makes the build decision concrete and de-risked. This first phase effectively pays for itself by pricing the build accurately rather than by guesswork.
02 · Implementing core foundations
AI Governance Build (aligned with ISO 42001)
Put the controls, records, and evidence in place so you can answer your buyers' AI-assurance questions and prove your organisation governs AI safely and responsibly.
What you get
One register that covers AI, privacy and security risk so you stop unknowingly stockpiling business risks.
Why it’s included
Building your organisation's risk register allows identification and risk assessment evidence-based. It also makes your required and missing critical controls obvious.
What you get
Implementation of risk treatment plan and key controls.
Why it’s included
Turns findings of all the previous work into action.
What you get
You can finally answer the AI-assurance questionnaire, with real evidence for the controls that are yours, cleanly attributing the rest to your providers.
Why it’s included
It's the recognised instrument enterprise buyers and CSA's STAR programme use. This is the artefact that directly unblocks procurement and facilitate the sales process with enterprise buyers.
Enterprise buyers start asking for proof.
We help you provide it so you can close more deals.
Where the requirement bites first
Built for the sectors that get asked earliest.
// edtech
Education
Children's data and safeguarding — what schools and partners check before they'll pilot or buy.
// health
Health data
The trust foundation clinical and enterprise partners look for before they sign.
// finance
Financial data
Customer and regulatory expectations around AI and sensitive data.
// mission
Mission & sensitive data
Donor due diligence and the duty to protect the people you serve.
Lead Implementer
ISO/IEC 42001 — trained (PECB)
Standards-table
Previously active in BSI & ISO/TC 307
Sakshi benchmark
AI behavioural evaluation
Real delivery
Fintech · health · education · mission
FAQ
Does this make me ISO certified?
No — but it puts you on a solid foundation based on best practices and recognised standards (ISO 27001 and ISO 42001), with real evidence and defensible answers for most customer and funder questions. It is also the right base if you decide to pursue ISO certification later.
How long does the full engagement take?
This is based on the size of your organisation and scope
Can I stop after the 'AI Footprint Map' phase?
Yes. This first phase delivers usable artefacts on its own (the AI-footprint maps, the register, the role determination, and a scoped build proposal). You take them and use them, whether or not you proceed to the build.
What does the diagnostic guarantee cover?
It's a deliverable-based guarantee: you get the artefacts, or you get your money back. And if you proceed to the build, the diagnostic fee is credited to ensure you don't pay twice for scope work.
I run a non-profit or mission organisation. Is this for me?
Yes. Funders increasingly require evidence of AI governance in due diligence. The engagement gives your organisation a proportionate way to meet that without a compliance team.
Do I need to be technical or nobody in my team is familiar with ISO 42001?
No. We explain ISO 42001 in plain English and carry you through the decisions.
What if I need something bigger, or full ISO 42001 certification?
Then the Foundations engagement could still the right starting point — the artefacts you build here are exactly what the full ISO/IEC 42001 engagement takes forward. However, please contact us so we can discuss your needs and requirements. See the ISO 42001 service →