AI Risk & Governance

When to Use

• Classifying AI use cases by risk tier and impact
• Drafting AI acceptable-use policies and governance frameworks
• Building AI risk registers with likelihood/severity/mitigation tracking
• Preparing model cards, system cards, or DPIAs for AI deployments
• Reviewing third-party LLM vendors (data terms, fine-tuning, safety commitments)
• Mapping AI products to frameworks (NIST AI RMF, ISO 42001, EU AI Act concepts)
• Aligning product and engineering teams with compliance requirements
• Designing human-in-the-loop oversight for consequential AI decisions

When NOT to Use