AI Governance module
Govern the AI you use, not just the AI you build
Inventory every AI use case, classify its risk, and run treatments through the same workflows as the rest of your program. A certifiable AI Management System (AIMS) mapped to ISO 42001, NIST AI RMF, and the EU AI Act — including the agents running inside episki itself.
What you get
Agent & use-case registry
Inventory every AI use case across vendors, internal builds, and shadow AI — with a risk tier and an accountable owner for each.
AI-specific risk treatments
Run AI risks — bias, hallucination, data leakage, model drift — through the same acceptance, mitigation, and transfer workflows as your risk register.
Certifiable AIMS (ISO 42001)
Operationalize an AI Management System modeled on the ISO 27001 ISMS pattern, with the Annex A operational controls covering the full AI lifecycle.
Crosswalked to NIST AI RMF & the EU AI Act
Map controls once and reuse evidence across ISO 42001, the NIST AI Risk Management Framework, and EU AI Act obligations.
Vendor AI assessment
Capture how your subprocessors use AI on your data — training, retention, and model provenance — alongside your TPRM reviews.
Governs episki's own agents
The same registry and approval floors that govern your AI also govern the agents running inside episki — allowlists, safety floors, and a full audit trail.
Agents at work
Agents that help you govern agents
AI Governance ships agent skills tuned to the AIMS lifecycle.
- Draft AI use-case descriptions and risk classifications from a short intake
- Suggest treatments and acceptance language for AI-specific risks
- Map AIMS controls across ISO 42001, NIST AI RMF, and the EU AI Act
- Flag AI use cases that drift out of their approved scope
Frameworks supported
- ISO 42001 (AI Management System)
- NIST AI RMF
- EU AI Act
- ISO 27001 (security overlap)
Pricing for this module
AI Governance
Includes +1M tokens/month
Adds 1M tokens/month to the workspace pool.
$6,000/year · $600/mo
AI Governance — frequently asked questions
AI Orchestration is the runtime that runs work inside episki — it's included in the Compliance Platform. AI Governance is a module for governing the AI your whole organization uses: a registry of AI use cases, AI-specific risk treatments, and a certifiable AI Management System. It also governs episki's own agents.
Yes. It operationalizes an AI Management System (AIMS) modeled on the ISO 27001 ISMS pattern, with the ISO 42001 Annex A operational controls, and crosswalks to NIST AI RMF and the EU AI Act so evidence is reusable across all three.
It's a separate module added on top of the Compliance Platform, and it adds 1M tokens/month to your workspace pool. See the pricing page for current rates.
More on AI Governance
Autonomous GRC and the new shape of the compliance program
Autonomous GRC isn't AI doing your job. It's a program structure where the platform operates the lifecycle and humans gate the decisions. Here's what that means in practice — and what it doesn't.
AI Governance and Compliance: What Every SaaS Company Needs to Know
A practical guide to AI governance for SaaS companies – covering regulatory requirements, model documentation...
AI-Powered GRC: A Practical Guide to Automating Compliance Work
Where AI actually helps in GRC — from evidence collection and control testing to report drafting and risk scoring — and where human judgment still matters.
Put your AI program under management
Add AI Governance and let an agent draft your first AI use-case inventory in minutes.