Ten dimensions.
Real evidence.
Our assessment covers the ten governance dimensions that matter: accountability, fairness, transparency, human oversight, data governance, privacy, security, safety and robustness, third-party communication, and continual improvement. Each is scored from 0 to 3 against real evidence. The ten governance dimensions are assessed across the nine evidence areas below.
AI inventory and shadow AI
What good looks like
Every AI system in active use is identified and logged, including tools that staff are using without IT or management sign-off.
Policy coverage vs actual practice
What good looks like
Written policies exist, are current, and match what the organisation actually does. Staff know where to find them and follow them.
Data protection and privacy
What good looks like
AI systems that process personal data have been assessed for UK GDPR compliance, with Data Protection Impact Assessments in place for high-risk processing.
Human oversight and decision accountability
What good looks like
Every AI-influenced decision has an identifiable owner, a review mechanism, and a record of what was decided and on what basis.
Staff training and AI literacy
What good looks like
Staff using AI tools understand what they can and cannot do, the risks of careless use, and where to go when something goes wrong.
Third-party and vendor controls
What good looks like
AI tools and vendors acquired from third parties have been assessed before deployment, and your exposure to their data-handling practices is understood and managed.
Incident and escalation routes
What good looks like
Your organisation has a clear process for when AI systems produce unexpected, harmful or unacceptable outputs: who to tell, how to escalate, and how to halt or override.
Leadership accountability and board oversight
What good looks like
Responsibility for AI governance is assigned in writing at senior level, with regular, structured visibility over the organisation's AI estate and its risks.
Fairness and bias risk
What good looks like
AI-assisted decisions affecting people have been checked for bias against protected characteristics under the Equality Act 2010, and the organisation can evidence that check was done.
Our methodology is built on ISO/IEC 42001, the NIST AI Risk Management Framework and the EU AI Act, and covers the ground consulted on in DSIT's AI Management Essentials work. Each dimension is scored from 0 to 3 against real evidence: not a checklist, not a self-assessment, and not calibrated to the most flattering interpretation.
How it works
A structured engagement from scoping call to written findings. Typically 1 to 2 weeks from engagement.
Scoping call
We confirm what your organisation uses AI for, the team members to involve, and which dimensions to prioritise given your sector and risk profile.
Evidence gathering
We review existing policies and documentation, walk through the AI systems in use, and hold short conversations with the people who design, run and use them.
Assessment against the framework
Each of the ten governance dimensions is scored from 0 to 3 against real evidence, calibrated across our work with comparable UK businesses.
Written findings
Findings are documented, risk-rated and ordered by priority. The maturity heatmap is built from the evidence, showing your strongest and most exposed dimensions side by side.
Remediation roadmap
A prioritised action plan with effort estimates: what to fix, in what order, and how much work each item is. Proportionate to your size and resources.
Debrief session
We walk through every finding with you, answer questions, and agree on next steps. You leave with a clear picture of where you stand and what to do about it.
What you receive
Six concrete outputs: everything you need to understand where you stand, prioritise what to fix, and show a board, a client or a regulator that you have done this properly.
RAG-rated findings report
A complete assessment across all ten governance dimensions. Each finding is red, amber or green rated for at-a-glance priority, with the full detail scored 0 to 3 against the evidence rubric.
Maturity heatmap
A visual snapshot of your governance maturity: which dimensions are solid, which are partially in place, and where the highest-leverage gaps sit.
Prioritised remediation plan
What to fix, in what order, with effort estimates: a proportionate action plan your team can actually follow.
Board-ready executive summary
A concise summary suitable for board, leadership or external review: your governance position, the key risks, and the recommended next steps.
Debrief session
A live walkthrough of every finding so you leave the engagement knowing exactly what was found and what to do next.
ISO/IEC 42001 pathway
A clear pathway toward ISO/IEC 42001 alignment, if certification is your end goal.
Two ways in
Whether you are starting fresh or already have findings to act on, there is a direct path to the right next step.
Start with the free AI Governance Scorecard
Fifteen questions, ten minutes, no sales call. You receive a RAG-rated score across the ten governance dimensions, a plain-English view of which UK rules and benchmarks are likely to apply to you, and a recommended next step. The health check is the natural next rung once you have your score and want an independent review.
Take the free scorecardBook a scoping call directly
If you have already received audit findings from a regulator or insurer, completed an internal review, or simply know where your governance gaps are and want expert help closing them, book a scoping call directly. No need to start with the free tool if you are past that stage: we will confirm the right engagement, scope it to your situation, and get straight to work.
Book a scoping callNatural companion steps
The health check gives you the picture. These are the most common next rungs.
AI Use Policy Pack
A tailored AI Acceptable Use Policy, a one-page staff quick-reference and a short risk note: the fastest way to close the policy gap the health check most commonly surfaces.
Full details ›Back to the product ladder
See every product, from the free AI Governance Scorecard through to bespoke AI builds: fixed scope and plain pricing at every step.
View all products ›