Playbooks that ship the artefact, not slides that sit.
Every playbook in the catalogue walks from first discovery to a signed, dated artefact a supervisor will read. Digital compliance officers do the mechanical work — inventory, control mapping, evidence compilation, attestation. Our specialists own the judgement calls and the sign-off.
Inventory
Enumerate every AI, model and agent in the estate — including the ones that arrived through enterprise SaaS — and tier them to a risk classification a supervisor will recognise.
Assessment
Classify use cases against the relevant regime, run the risk management system, and produce the compilation file the conformity route depends on.
EU AI Act High-Risk System Playbook
Classify use cases against Annex III, build the Article 9 risk management system, and compile the Annex IV technical file your conformity assessment will depend on.
NIST AI RMF Profile Playbook
Govern / Map / Measure / Manage — profiled to your sector, your use cases and the frameworks your regulators read.
Documentation
Write once, render many. The same evidence base rendered into the artefacts each regulator and auditor will read.
SR 11-7 → OSFI E-23 Crosswalk Playbook
For firms operating across US and Canadian supervisory perimeters, one validation file that answers both.
RAG Assurance Playbook
Retrieval-augmented generation has its own attack surface — source provenance, index drift, poisoning risk. Control it.
Monitoring
Drift, performance, outcome and complaint signals — captured, routed and escalated against the thresholds supervisors expect.
Vendor
Third-party and nth-party AI — discovered in enterprise software, diligenced through the contract cascade, monitored against concentration risk.
OSFI B-10 Vendor Cascade Playbook
Discover AI that arrived through enterprise software, tier the vendor stack, and extend due diligence to nth-party AI providers.
Foundation Model Due Diligence Playbook
Bringing a GPAI, Claude, GPT, Gemini, Llama or sovereign model into scope — the diligence a regulated deployer is now expected to perform.
Privacy
PIAs, DPIAs, ADM disclosures and cross-border transfer files — drafted against the clause and the regulator guidance.
Controls
The operational layer: AIMS stand-ups, agent-action budgets, HITL gates, ICT resilience and the control library that sits underneath.
ISO/IEC 42001 AIMS Stand-Up Playbook
Build a certifiable AI Management System: scope, policy, objectives, risk, controls, audit. Mapped to your portfolio.
Agentic AI Governance Playbook
Multi-step autonomous agents, tool-calling chains, and the oversight these systems demand. Agent cards, action budgets, kill switches.
DORA for AI Systems Playbook
ICT risk management and incident reporting where AI is in the critical path — for EU-facing financial entities.
Pick the playbook your portfolio needs next.
Every playbook ships with an artefact set, a control map and an operating cadence. Our digital compliance officers handle the assembly; our specialists review and sign. Tell us which framework is closest to your next supervisory conversation and we will point you at the playbook that starts the work.