NIST AI RMF Profile Playbook
Govern / Map / Measure / Manage — profiled to your sector, your use cases and the frameworks your regulators read.
How the playbook runs.
Each phase is operated jointly by our compliance agents and our specialists. Agents carry the mechanical steps; specialists own the judgement calls and the sign-off at the boundary between phases.
- 01Govern alignment
- 02Map the system context
- 03Measure risks and performance
- 04Manage throughout lifecycle
What you hold at the end.
Signed, dated, tamper-evident, portable. The artifact set reads in PDF, Excel and JSON — and without a platform login. Your practitioners keep working even if we walk away.
The regimes this playbook answers.
One playbook, mapped clause-by-clause to every framework in scope. Open any framework below for the primary-source detail and the controls we land against it.
The agents that touch this playbook.
Each agent is bounded, instrumented and auditable. Actions are logged. Thresholds are reviewed. A specialist holds the pen at every decision point that carries supervisory weight.
- Risk Tiering AgentClassifies use cases against the regime under review (Annex III, Article 9 triggers, material-risk thresholds) and documents the rationale.
- Control Mapping AgentPulls the relevant clause-level obligations and aligns them to your existing control register.
- Validation AgentAssembles validation, accuracy and robustness evidence against the clause the regulator will read.
- Evidence Engine AgentCompiles the technical documentation and risk management file into the artifact the conformity route depends on.
Start this playbook on your portfolio.
Tell us which estate it runs against and which supervisory conversation it needs to answer. We will walk from first discovery to a signed artifact — with the agents doing the assembly and our specialists owning the sign-off.