AI Compliance Assistant - TXAZ Accelerator

AI Governance Hub

Operational copilot answering the 8 core governance questions for your organization's AI usage.

0

AI Tools Tracked

0

Approved

0

Unapproved

0

Open Risks

0

Open Incidents

0

Policies

Question 1

What AI are we using?

0 tools

No AI assets registered yet.

Question 2

Who approved it?

0 approved

No approvals recorded.

Question 3

What data does it process?

0 documented

No data classifications recorded.

Question 4

What risks does it introduce?

0 risks

No risks logged.

Question 5

Which policies apply?

0 policies

No AI policies created.

Question 6

Are there unresolved remediation items?

0 open

No open remediation items.

Question 7

Aligned with compliance obligations?

--

Add assets to assess alignment.

Question 8

Evidence of responsible governance?

--

No evidence trail established yet.

🤖 AI Assistant Recommendations

No recommendations yet. Start by registering your AI tools in the Asset Registry.

AI Asset Registry

Discover and track all AI-enabled applications, services, models, and tools used in your organization.

Name	Type	Vendor	Owner	Department	Data Processed	Risk	Approved	Actions
No AI assets registered. Click "Register AI Tool" to begin.

AI Risk Register

Track risks introduced by AI systems: data exposure, hallucination, prompt injection, model poisoning, and more.

Title	Category	Severity	Likelihood	Owner	Status	Review Date	Actions
No risks logged.

AI Policy Management

Create, version, approve, and track AI policies: Acceptable Use, Secure Prompting, Procurement, Data Handling, Governance Charter.

Title	Type	Version	Status	Owner	Next Review	Acknowledgements	Actions
No policies created yet.

AI Vendor Assessment

Assess each AI provider for SOC 2, ISO 27001, FedRAMP, data residency, model training policy, encryption, and assign a risk score.

Vendor	Product	SOC 2	ISO 27001	FedRAMP	Data Residency	Retention	Risk Score	Actions
No vendors assessed.

AI Data Classification Review

Determine whether AI tools interact with CUI, PII, PHI, PCI, IP, export-controlled data, or source code. Flag high-risk scenarios.

Data Classification by AI Tool

Register AI assets with data processing details to see classification analysis.

⚠ High-Risk Flags

No high-risk flags detected. Add AI tools with sensitive data classifications to surface risks.

AI Readiness Assessment

Questionnaire covering governance, security, privacy, legal, vendor management, human oversight, and monitoring. Generates maturity score and gap analysis.

Readiness Questionnaire

[Governance] Has your organization established an AI governance policy?

[Governance] Is there a designated AI owner or responsible party?

[Security] Are AI tools subject to the same security review as other software?

[Security] Is multi-factor authentication enforced for AI platform access?

[Privacy] Have privacy impact assessments been conducted for AI tools?

[Privacy] Is employee AI usage monitored for sensitive data exposure?

[Legal] Are AI vendor contracts reviewed for IP and data clauses?

[Legal] Is AI-generated content subject to copyright review?

[Vendor] Are AI vendors assessed for SOC 2 or equivalent certifications?

[Vendor] Are vendor data retention and training policies documented?

[Human Oversight] Are AI outputs reviewed by humans before consequential decisions?

[Human Oversight] Is there a process for reporting AI errors or hallucinations?

[Monitoring] Is AI tool usage logged and audited?

[Monitoring] Are alerts configured for unusual AI usage patterns?

AI Compliance Mapping

Map AI governance practices to CMMC, NIST SP 800-171, NIST AI RMF, ISO/IEC 42001, ISO/IEC 23894, and internal policies.

Framework	Control	Requirement	AI Governance Action	Status
CMMC	AC.1.001	Limit information system access to authorized users	Map AI tools to authorized user lists	Not Assessed
CMMC	AC.2.006	Limit use of portable storage devices	Restrict AI tools accessing removable media	Not Assessed
NIST 800-171	3.1.1	Limit access to authorized users	AI tool access controls documented	Not Assessed
NIST 800-171	3.13.1	Monitor and control communications at external boundaries	AI API calls monitored	Not Assessed
NIST AI RMF	GOVERN 1.1	Policies, processes, and procedures for AI risk	AI Governance Charter in place	Not Assessed
NIST AI RMF	MAP 1.1	Context established for AI risk identification	AI Risk Register maintained	Not Assessed
NIST AI RMF	MEASURE 2.1	AI risk metrics defined	Risk scoring applied to AI assets	Not Assessed
NIST AI RMF	MANAGE 1.1	Responses to AI risks and benefits	Mitigation plans documented	Not Assessed
ISO 42001	6.1	Actions to address risks and opportunities	AI risk assessment conducted	Not Assessed
ISO 42001	7.5	Documented information on AI management	Policies and records maintained	Not Assessed
ISO 23894	4.1	Understanding the organization and its context for AI risk	AI inventory established	Not Assessed
Internal	AI-POL-001	AI Acceptable Use Policy	Policy created and acknowledged	Not Assessed
Internal	AI-POL-002	AI Data Handling Standard	Data classification review completed	Not Assessed

Prompt Library

Approved organizational prompt repository. Track business purpose, data sensitivity, platform, owner, and approval status.

Title	Platform	Owner	Data Sensitivity	Approved	Review Date	Actions
No prompts in library.

AI Incident Management

Capture AI-related incidents: data disclosure, hallucination impact, unauthorized use, prompt injection, API abuse, and model misuse.

Title	Type	Severity	Reporter	Owner	Status	Date	Actions
No incidents reported.

AI Procurement Workflow

Before adopting a new AI tool: complete risk questionnaire, vendor assessment, obtain approvals, document use, classify data, assign owner.

Tool	Requestor	Department	Data Class	Vendor Assessed	Legal	Security	Status	Actions
No procurement requests.

AI Training Tracker

Track completion of responsible AI use, prompt engineering, sensitive data protection, hallucination recognition, and organizational policy training.

Training Modules

Module	Status	Due Date
Responsible AI Use	Not Started	--
Secure Prompting Guidelines	Not Started	--
Protecting CUI in AI Systems	Not Started	--
Recognizing AI Hallucinations	Not Started	--
Copyright and IP Considerations	Not Started	--
Organizational AI Policy	Not Started	--
AI Incident Reporting	Not Started	--
CMMC & AI Compliance	Not Started	--

AI Usage Analytics

Track most-used AI platforms, active users, departments, adoption trends, new tools detected, and inactive tools.

0

Total AI Tools

0

Approved

0

Shadow AI

0

Vendors

AI Tool Breakdown by Type

Register AI assets to see breakdown by type.

Top AI Tools by Risk

No data yet.

🤖 AI Assistant Recommendations

Data Classification by AI Tool

⚠ High-Risk Flags

Readiness Questionnaire

Maturity Score

Training Modules

AI Tool Breakdown by Type

Top AI Tools by Risk

Register AI Tool

Add AI Risk

Create AI Policy

Add AI Vendor Assessment

Add to Prompt Library

Report AI Incident

New AI Procurement Request