Compliance

AI governance readiness assessment

Answer eight questions about the controls you run today and see a transparent readiness score, a breakdown by framework, and the gaps worth closing first. It is a planning tool, not a certification.

Live in your browser · assumptions shown · no email required

The estimate

Move the inputs. The number is yours.

Governing AI agents means showing evidence: who is accountable, what the agents can reach, what gets logged, and what gets blocked or held before it runs. This assessment turns eight questions about the controls you run today into a transparent readiness score, then breaks it down by framework so you can see where the evidence is thin.

Your deployment

Adjust the inputs to match your setup. The estimate updates as you go.

AI governance readiness

45 / 100 · Foundational

Readiness by framework

  • NIST AI RMF: 44%
  • ISO/IEC 42001: 51%
  • Australia AI6: 49%

How readiness breaks down

  • Accountable owner for AI governance: In place

    Maps to NIST GOVERN-1.1, AI6 guardrail G1

  • Inventory of agents, tools, and data reach: Partial

    Maps to NIST MAP-1.1, AI6 guardrail G1

  • Tamper-evident record of every action: Partial

    Maps to EU AI Act Article 12, AI6 G9, NIST MANAGE-4.1

  • Policy that blocks or holds risky calls: Partial

    Maps to NIST MANAGE-2.1, AI6 guardrail G3

  • Human approval and intervention path: Partial

    Maps to EU AI Act Article 14, AI6 guardrails G5 and G7

  • Risk testing and coverage: Not in place

    Maps to NIST MEASURE, AI6 guardrails G2 and G4

  • Data reach control and sensitive-flow checks: Partial

    Maps to AI6 guardrail G3, NIST MAP and MEASURE

  • Automated response and incident process: Not in place

    Maps to NIST MANAGE-2.1, AI6 guardrail G2

Close these gaps next

  • Test agents before and during deployment and measure your coverage.
  • Record every agent action in a tamper-evident log, the backbone of every evidence pack.
  • Add policy that scores and blocks or holds risky tool calls before they run.

A transparent readiness estimate from your own answers, mapped to common AI governance frameworks. It is evidence of where your controls stand, not a certification, a conformity assessment, or legal advice. You and your assessors make the final determination.


It mirrors how AxioRank scores posture: a control that is fully in place counts in full, a partial control counts half, and a missing control counts zero. The result is a readiness estimate to prioritize your next step, not a certification or a conformity assessment.

Assumptions and sources

Every coefficient, on the page.

Readiness is a weighted coverage score across eight governance controls on a fixed 100-point scale, the same way the AxioRank dashboard scores posture. A control that is fully in place counts in full, a partial control counts half, and a missing control counts zero. Each framework score reflects only the controls that framework leans on, so the bars track the evidence each one actually asks for.

Control weights sum to 100, with the audit trail and policy controls highest at 16 each

A tamper-evident record and an enforcement point on the tool boundary are the backbone of every framework's evidence, so they carry the most weight. The rest is spread across accountability, inventory, oversight, testing, data protection, and incident response.

Partial credit: a partial control counts 0.5

This mirrors the product's live posture math, where a satisfied control counts one, a partial control counts a half, and a missing control counts zero. It rewards work in progress without overstating readiness.

Scored against NIST AI RMF, ISO/IEC 42001, and Australia AI6

The same three frameworks the AxioRank compliance view maps. EU AI Act Articles 12 and 14 and SOC 2 evidence are referenced in the control notes as additional packs, not separate bars.

FAQ

Questions about the model.

How is readiness calculated?

It is a weighted coverage score across eight governance controls on a 100-point scale. Each control counts in full when it is fully in place, half when it is partial, and zero when it is missing. The per-framework bars use only the controls that framework leans on, so each one reflects the evidence it actually asks for.

Does a high score mean we are compliant or certified?

No. This is a readiness estimate from your own answers, not a certification, a conformity assessment, or legal advice. It shows where your controls stand and what to close next. You and your assessors make the final determination.

Which frameworks does this cover?

The score is mapped to NIST AI RMF, ISO/IEC 42001, and Australia's AI6 guidance, the same three the AxioRank compliance view scores. The control notes also reference EU AI Act Articles 12 and 14 and SOC 2 evidence, which AxioRank produces as additional packs.

How does AxioRank raise this readiness?

AxioRank sits on the tool boundary and records every agent action in a tamper-evident log, scores and blocks or holds risky calls by policy, routes high-risk actions to a human, and exports a framework-mapped evidence pack. Those are the controls this assessment scores.

Govern your agents, not just estimate the risk

AxioRank scores every tool call your agents make for leaked secrets, PII, destructive operations, and prompt injection, then proves it in a tamper-evident audit log. Start free, no card.