Assessment methodology

An evidence-first AI security readiness audit aligned with the EU AI Act, ISO 42001, and NIST AI RMF, delivering audit-ready documentation in 5–10 business days.

What we cover

System mapping

Comprehensive overview of AI use cases, data flows, and accountable owners.

Risk identification

Material risks across privacy, safety, bias, security, reliability, and monitoring.

Control assessment

Evaluation of existing controls and identification of gaps.

Evidence collection

Structured artifacts for enterprise security reviews and vendor questionnaires.

Prioritization

Risk-based prioritization of fixes and governance improvements.

Stakeholder reporting

Executive summaries and actionable roadmaps for leadership and compliance teams.

The model

Assess

  • Map AI systems and use cases
  • Identify material risks
  • Evaluate existing controls

Output

System map + risk register

Evidence

  • Collect supporting artifacts
  • Document controls and processes
  • Prepare for enterprise reviews

Output

Evidence pack

Risk

  • Score severity and likelihood
  • Identify control gaps
  • Prioritize remediation

Output

Prioritized risk register

Action

  • Develop phased roadmap
  • Define ownership and RACI
  • Set implementation milestones

Output

Action plan

Outputs you can show

Our assessments produce enterprise-ready deliverables designed for stakeholders, security reviews, and compliance discussions.

  • AI System Map — use cases, data flows, owners
  • Risk Register — severity/likelihood + controls & gaps
  • Executive Summary — stakeholder-ready (1–2 pages)
  • Implementation Roadmap — phased priorities and milestones
  • Evidence Pack — reusable answers + artifacts for enterprise questionnaires

How we run it

Scoping

30-minute call to understand use cases and constraints

Evidence Collection

Docs, screenshots, configs, interviews (NDA-ready)

Assessment

Structured analysis + risk scoring

Readout & Report

Walkthrough call, PDF deliverables, and (where applicable) granting of an Azmoy assessment badge

Standards alignment

Our assessments are grounded in recognized standards, including NIST AI RMF, ISO 42001, and EU AI Act–aligned approaches. We help you prepare for compliance readiness without claiming certification or legal audit status.

Frequently asked questions

What is your assessment approach?

We use an evidence-first process that produces audit-ready outputs in 5–10 business days, aligned with EU AI Act, ISO 42001, and NIST AI RMF.

How do you align with standards?

Our assessments are grounded in recognized standards, including NIST AI RMF, ISO 42001, and EU AI Act–aligned approaches. We help you prepare for compliance without claiming certification.

What outputs do I receive?

You receive a comprehensive set of deliverables including an AI System Map, Risk Register, Executive Summary, Implementation Roadmap, and Evidence Pack — all designed for enterprise readiness.

How long does an assessment take?

Typical turnaround is 5–10 business days depending on scope. Simple assessments (1–2 use cases) can be faster; complex enterprise assessments may take longer.

Do you need access to our code or systems?

No—most assessments don't require it. We work from docs, screenshots, configs, and interviews, plus user-side testing for LLM behavior. Deeper access is optional and agreed in scope.

Can we do this under NDA?

Absolutely. We work under NDA and handle all sensitive information with strict confidentiality. We can sign your NDA or provide our standard agreement.