Skip to main content
Assessments
Professionally Led

Know your current risks. Plan to reduce them.

Whether you're adopting AI, preparing for an audit, or just want to know where you stand, our assessments give you a clear picture of your risks and provide you a roadmap to reduce them.

01 · AI Risk Assessment

Is your organization managing the security and governance risks that come with adopting AI?

Most AI adoption is happening in the shadows. Marketing teams paste into ChatGPT. Engineering ships agents that touch production. Finance pilots a copilot inside the spreadsheet. Protecting your company requires understanding these risks.

§What's included · 8 items
  1. 01AI acceptable-use policy and governance framework review
  2. 02Inventory and classification of AI tools, models, and integrations in use
  3. 03Data-protection controls for AI inputs, outputs, and training data
  4. 04Prompt injection, jailbreak, and adversarial-input risk evaluation
  5. 05Agentic-AI controls: human-in-the-loop, execution boundaries, kill switches
  6. 06AI vendor and supply-chain risk assessment
  7. 07Monitoring, logging, and incident-response readiness for AI systems
  8. 08Alignment to NIST AI RMF, ISO/IEC 42001, and emerging AI regulations
§How the engagement runs
IWeek 0

Scope

A 30-minute call. We agree scope, stakeholders, and what success looks like at the end.

IIWeeks 1–2

Discover

We read your documentation, interview your team, and review your systems.

IIIWeeks 3–4

Diagnose

A draft report — gaps, risks, prioritised remediation — circulated for your review.

IVWeek 5+

Decide

Executive summary, final report, actionable, prioritized roadmap.

Trusted Process

Every assessment delivers an actionable report, ready to be used by internal teams, external partners, or by leveraging the ComplianceXO platform.

Erik Boemanns·Founder, Chief Technologist, Mirability / ComplianceXO
§See also
Or start where it's free

Take the free self-assessment first.

Six minutes, no account required. You'll get an instant grade and a single PDF you can take to your audit committee — or to us, when you're ready for the operator-led version.