Built to standard.

AI Risk Management Framework

Voluntary framework for building trustworthiness into the design, development, use, and evaluation of AI. Our governance baseline.

Generative AI Profile

Companion to the AI RMF enumerating 12 generative-AI risk categories (confabulation, data privacy, information integrity, security…). Guides every GenAI build.

AI Management System (AIMS)

The certifiable management-system standard for AI. We structure governance, roles, and controls to its requirements.

AI Risk Management

Guidance on managing AI-specific risk across the lifecycle — how we identify, treat, and monitor risk.

Regulation (EU) 2024/1689

Binding, extraterritorial, risk-based AI law (prohibited / high-risk / limited / minimal). We classify and document systems against it.

OECD/LEGAL/0449

Five values-based principles (human-centred, transparent, robust, accountable). The ethical north star for our work.

AI System Life Cycle Processes

Defines the processes for the AI lifecycle (built on 15288/12207). The backbone of how we run engagements.

AI System Impact Assessment

Guidance for assessing AI impact from design through decommissioning. We run an impact assessment before high-stakes launches.

AI Concepts & Terminology

Shared vocabulary and concepts for AI — so requirements, risk, and docs mean the same thing to everyone.

Framework for ML-based AI Systems

Reference framework for AI systems built with machine learning. Shapes our ML solution architecture.

Product Quality Model (SQuaRE)

The product-quality model (now including Safety). We specify, measure, and evaluate systems against its characteristics.

LLM & GenAI application risks

The canonical LLM/agent security checklist (prompt injection, sensitive-info disclosure…). Every agent build is reviewed against it.

Machine-learning security risks

Top risks for ML systems (data poisoning, model inversion, evasion). Guides how we secure training and inference.

Adversarial Threat Landscape for AI Systems

Knowledge base of real adversary tactics & techniques against AI/ML. We threat-model against its TTPs.

Adversarial Machine Learning taxonomy

Taxonomy of attacks and mitigations across the ML lifecycle, including GenAI/RAG/agents. Informs our defenses.

Secure AI Framework

Practitioner framework for securing AI systems end to end. A reference for our AI security controls.

Information Security Management (ISMS)

The certifiable ISMS standard. We design and operate to its controls so security is managed, not improvised.

Information security controls

The control catalogue behind 27001 — the concrete safeguards we implement.

AICPA Trust Services Criteria

Security, availability, confidentiality, processing integrity, and privacy criteria. We build to them and support client attestations.

Secure Software Development Framework

Secure-by-design practices across the SDLC (with the SP 800-218A GenAI augmentation). How we write and ship code.

Cybersecurity Framework

Govern-Identify-Protect-Detect-Respond-Recover. The frame for operational security of what we run.

Application Security Verification Standard

The verification checklist we test web/app builds against before release.

CIS Critical Security Controls

Prioritized, prescriptive safeguards for infrastructure hardening and baselining.

Regulation (EU) 2016/679

EU data-protection law — lawful basis, data minimization, DPIAs, data-subject rights. We engineer to it by default.

California Consumer Privacy Act

US consumer privacy rights and obligations. Honored for US data flows.

Privacy Information Management (PIMS)

Extends 27001 to privacy. Structures how we manage personal data as controller or processor.

Privacy Framework

Foundational privacy principles and terminology that anchor our privacy-by-design.

Cloud security controls

Cloud-specific security guidance. Applied to how we architect and operate on the cloud.

PII protection in public clouds

Protecting personal data processed in the cloud. Applied to client data handling.

45 CFR Parts 160 & 164

US healthcare privacy & security rules. Applied to healthcare AI engagements.

Payment Card Industry Data Security Standard

Security for systems that handle cardholder data. Applied to payments/fintech work.