
Service · Entry product

AI Governance Posture Assessment

A two-week, fixed-price engagement that produces a written posture report against the NIST AI Risk Management Framework, mapped to APRA CPS 234, CPS 230, and ISO/IEC 42001:2023. Board-ready, regulator-aligned, operationally useful.

Why two weeks

Productised, not open-ended.

Big 4 scoping documents alone often run longer than our entire engagement. We work the inverse pattern: a fixed scope, a fixed price, a fixed duration, and a deliverable specification you can read before you sign.

Ten business days is enough to surface the material gaps. It is not enough to re-engineer your security architecture, and that is by design. The assessment exists to tell you where you stand. The fractional role exists to fix what it surfaces.

Scope

What we cover in ten business days.

01 · Discovery

Inventory of AI tooling in use across the organisation. Includes shadow AI: personal accounts, browser extensions, embedded features in existing SaaS. We surface what your asset register does not.

02 · Document review

Existing acceptable use policy, contracts with AI vendors, admin console configurations, retention settings, audit log posture. Mapped to NIST AI RMF function categories.

03 · Stakeholder interviews

Six to ten focused interviews across risk, security, IT, legal, and one or two business unit owners. Built around evidence, not opinion.

04 · Threat modelling

Priority use cases assessed against OWASP Top 10 for LLM Applications and MITRE ATLAS adversarial techniques. We name what could actually go wrong.

05 · Gap analysis

Findings mapped to APRA CPS 234, CPS 230, ISO/IEC 42001 controls, and the Australian Privacy Principles. Each finding sized by impact and effort.

06 · Reporting and briefing

Written posture report, executive summary suitable for board pack inclusion, prioritised remediation roadmap, and an optional one-hour committee briefing.

Deliverables

What you take away.

  • Posture report (40 to 60 pages)
  • Executive summary suitable for board pack
  • Findings register with effort and owner estimates
  • Prioritised remediation roadmap
  • Threat model summary for priority use cases
  • Optional one-hour board or committee briefing

Engagement parameters

Fixed-fee, fixed-scope.

  • Investment: AUD 15,000 to 25,000. Final fee scoped at engagement based on organisational size.
  • Duration: 10 business days from engagement kickoff. Two weeks elapsed time.
  • Lead time: within 14 days of signature. Scoped SOW issued within two business days of discovery call.

Frameworks

Standards we deliver against.

  • NIST AI RMF 1.0
  • ISO/IEC 42001:2023
  • APRA CPS 234
  • APRA CPS 230
  • Australian Privacy Principles
  • OWASP Top 10 for LLMs
  • MITRE ATLAS
  • ASD Essential Eight

Get started

Two weeks to a board-ready answer.

Discovery call, fixed-fee SOW, kickoff, ten business days of delivery, then a decision on what comes next.