Back to trustTrust · Compliance
Aligned to the frameworks your examiner already knows.
We name the frameworks we align to and the services that inherit each alignment. No vague claims.
Framework × service
Where each framework lives in our work.
✓ means the practice ships with deliverables aligned to that framework. — means the framework does not materially apply to that practice.
| Framework | AI eng | Cloud | Data | IDP | Agentic | RAG | Vision | Advisory |
|---|---|---|---|---|---|---|---|---|
NIST AI RMF 1.0 Govern · Map · Measure · Manage | Aligned | Not applicable | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned |
HIPAA 45 CFR Part 164 | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned |
FFIEC IT Examination Handbook Architecture and information security | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned | Not applicable | Aligned |
NCUA Letter 22-CU-02 AI Risk Management for credit unions | Aligned | Not applicable | Aligned | Aligned | Aligned | Aligned | Not applicable | Aligned |
42 CFR Part 2 Substance use disorder confidentiality | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned | Not applicable | Aligned |
FedRAMP Moderate (aligned) Landing zone and control alignment | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned | Aligned |
What ships with every system
Examiner-ready by default.
Every production deployment hands the customer this set of artifacts. They are deliverables of the engagement, not add-ons.
- Model cards for every deployed model
- Bias evaluation reports against protected classes
- Architecture-of-record diagrams refreshed per release
- Change management logs and approval trails
- Incident response runbooks specific to your architecture
- Audit logs retained per regulatory minimum
- Vendor risk packages for every third-party AI component
- NIST AI RMF profile per deployed AI system