Enterprise AI Control

AI Governance & Risk Control Stack

Board-ready policies and tools for enterprise risk control of AI initiatives.

AI Governance & Risk Control Stack: Complete Walkthrough

Features List

  • 8 Governance Components
  • 70+ Pages of Policies & Standards
  • 3 Risk Frameworks Referenced

Why Finance Leaders Use This Bundle

Audit-Ready from Day One

Every document follows the Three Lines of Defense model. Your internal audit team can review these policies and find structured controls, escalation paths, and approval matrices already built in.

Risk Tiering That Scales

The Red, Amber, Green tiering system runs through all five policies and both AI tools. One consistent framework means less confusion as your AI portfolio grows from 5 use cases to 50.

Vendor Due Diligence, Sorted

The Third-Party Comfort Index (TCI) gives you a repeatable scoring method for evaluating AI vendors. No more ad-hoc assessments or inconsistent reviews across procurement teams.

No Blank Page Problem

You don't have to draft governance documents from scratch. Each policy includes version control, approval signatures, regulatory alignment tables, and role-based responsibility matrices.

AI Tools That Do the Work

Two CustomGPT blueprints turn static documents into interactive advisors. Score your GenAI risks automatically or get a personalized AI scaling roadmap based on your maturity assessment.

What's Inside This Kit

  • GenAI Governance Policy v3.0 (PDF, 15 pages)

    Master policy for responsible AI. Sets principles, governance structure, risk tiering, lifecycle gates, and incident response.

  • Model Risk Management Standards v3.0 (PDF, 14 pages)

    Detailed rules for model registration, validation, testing, change control, and ongoing monitoring of GenAI systems.

  • AI Data Classification Policy v4.0 (PDF, 14 pages)

    Data handling rules for AI systems. Covers classification levels, RAG governance, anonymization standards, and access controls.

  • Third-Party AI Vendor Due Diligence v2.0 (PDF, 14 pages)

    Assessment framework and scoring template for evaluating external AI vendors using the Third-Party Comfort Index (TCI).

  • GenAI Risk Scorecard Assistant (PDF, 7 pages)

    Design blueprint for building a ChatGPT-based risk scorer. Uses McKinsey's 5/3/1 framework to tier and control GenAI use cases.

  • AI Scaling Advisor (CFO Edition) (PDF, 4 pages)

    Design blueprint for a ChatGPT advisor that reads your AI Maturity Assessment results and builds a prioritized scaling roadmap.

  • AI Maturity Assessment Toolkit (Excel, 4 tabs)

    Self-assessment questionnaire based on the MIT CISR Enterprise AI Maturity Model. Scores five capability areas and assigns a maturity stage.

A Closer Look at Each Tool

GenAI Governance Policy v3.0 (AI Policy)

The master document in your governance stack. It defines the principles, governance structure, and accountability model for every AI initiative in your organization. All other documents in this bundle sit underneath it.

  • Three Lines of Defense model with clear GenAI-specific responsibilities
  • Risk tiering framework (Red, Amber, Green) with control escalation rules
  • Full lifecycle governance gates from ideation through decommission
  • Incident severity classification and response procedures

Best for: CROs, AI Risk Officers, and AI Oversight Committee members setting top-level policy.

Model Risk Management Standards v3.0 (Standards)

The operational rulebook for anyone registering, validating, testing, or monitoring GenAI models. Covers everything from mandatory registration fields to red-team testing protocols and quantitative performance thresholds.

  • Mandatory model registration with 12+ required fields per model
  • Pre-production validation requirements including prompt chain testing
  • Red-team testing protocols required for Amber and Red tier models
  • Quantitative performance thresholds (response consistency, hallucination rates)

Best for: AI Risk Officers, model owners, and MRM teams responsible for model governance.

AI Data Classification Policy v4.0 (AI Policy)

Defines how data should be classified, handled, and protected when used with AI systems. Goes beyond traditional data policies to address RAG knowledge bases, anonymization for AI training, and third-party data transmission rules.

  • Four-level classification framework (Public, Internal, Confidential, Restricted)
  • RAG knowledge base governance with mandatory metadata fields
  • Approved anonymization techniques with validation requirements
  • Role-based access controls mapped to risk tiers

Best for: Data Protection Officers, Chief Privacy Officers, and teams managing AI data pipelines.

HITL Oversight Checklist v2.0 (Checklist)

A ready-to-use operational checklist for putting human review controls around GenAI outputs. Specifies what to review, who reviews it, how often, and what to do when something goes wrong.

  • Tiered review coverage: 100% for Red, 15% sampling for Amber, optional for Green
  • Golden questions for quality spot-checks of AI outputs
  • Escalation procedures with clear authority levels
  • 30-day periodic review cycle with sign-off requirements

Best for: Operations teams, model owners, and anyone deploying AI in customer-facing or financial workflows.

Third-Party AI Vendor Due Diligence v2.0 (Procedures + Template)

A structured 30-day assessment process for evaluating external AI vendors, complete with a fill-in scoring template. The Third-Party Comfort Index (TCI) gives you a repeatable, quantifiable score for every vendor.

  • Six-stage due diligence process from initiation to approval
  • TCI formula combining documentation, transparency, and regulatory alignment scores
  • Assessment depth scales by risk tier (Green, Amber, Red)
  • Automatic disqualifiers and approval authority matrix

Best for: Procurement teams, AI Risk Officers, and legal counsel evaluating AI vendors.

GenAI Risk Scorecard Assistant (CustomGPT Blueprint)

A design blueprint for building your own ChatGPT-powered risk scorer. Feed it a GenAI use case, and it calculates a weighted risk score using McKinsey's 5/3/1 framework, then recommends controls across four layers.

  • McKinsey 5/3/1 risk scoring with five weighted factors
  • Automated tier classification: Red (70+), Amber (40-69), Green (under 40)
  • Four-layer control mapping: business, procedural, manual, automated
  • Portfolio-level summary for multi-use-case governance

Best for: AI governance teams scoring new GenAI use cases before deployment.

AI Scaling Advisor (CFO Edition) (CustomGPT Blueprint)

A design blueprint for a ChatGPT advisor that interprets your completed AI Maturity Assessment. Upload your results, and it identifies gaps, maps them to the MIT CISR framework, and builds a 12-week action plan.

  • Reads and validates the AI Maturity Assessment Toolkit results directly
  • Maps gaps to MIT CISR dimensions with evidence-based recommendations
  • Generates a board-style one-pager and a 12-week prioritized action plan
  • Labels inferences vs. data-backed findings for transparency

Best for: CFOs and CIOs building an enterprise AI scaling roadmap.

AI Maturity Assessment Toolkit (Excel Model)

A self-assessment questionnaire based on the MIT CISR Enterprise AI Maturity Model. Rate your organization across five capability areas, and the toolkit calculates your maturity stage with detailed results and improvement areas.

  • Five capability areas: Strategy, Data, Skills, Use Cases, Technology
  • 1-5 rating scale with clear definitions for each level
  • Automatic maturity stage calculation with detailed results dashboard
  • Feeds directly into the AI Scaling Advisor CustomGPT for action planning

Best for: CFOs and senior leaders assessing organizational AI readiness.

How the Kit Works Together

Each row below gives your question or need, the document to start with, the one to use next, and the result.

  • "We need a governance framework for our AI initiatives."
    Start with: GenAI Governance Policy
    Then use: MRM Standards + Data Classification Policy
    Result: A three-tier policy hierarchy with principles at the top and operational standards underneath.

  • "How do we score and prioritize GenAI risk?"
    Start with: GenAI Risk Scorecard Assistant (CustomGPT)
    Then use: HITL Checklist
    Result: Every use case gets a quantified risk tier, then the right level of human oversight is applied.

  • "We're evaluating a new AI vendor."
    Start with: Third-Party Vendor Due Diligence
    Then use: Data Classification Policy
    Result: A TCI score for the vendor plus clear data handling rules for whatever classification level applies.

  • "Where does our organization stand on AI maturity?"
    Start with: AI Maturity Assessment Toolkit (Excel)
    Then use: AI Scaling Advisor (CustomGPT)
    Result: A maturity score across five dimensions plus a 12-week action plan to close the gaps.

  • "Our board wants to see our AI risk controls."
    Start with: GenAI Governance Policy
    Then use: GenAI Risk Scorecard Assistant + HITL Checklist
    Result: A board-ready policy document supported by quantified risk scores and documented oversight procedures.

  • "We need to ensure AI outputs get proper human review."
    Start with: HITL Checklist
    Then use: MRM Standards (monitoring section)
    Result: A complete human review workflow with quality standards, escalation paths, and ongoing monitoring.

Get Your AI Governance Framework in Place Today

8 components. 70+ pages. Updated for 2026. Everything you need to govern AI responsibly.