althor
Package · $2,500 · 1 week

AI Governance Foundation Audit

A focused one-week review of your AI governance posture against NIST AI RMF and Microsoft Foundry's control plane. The report you hand to InfoSec before they ask for one.

A council is forming

You're standing up an AI use-case review board and need a written baseline of what's already in production, what controls are in place, and where the gaps are.

Compliance is starting to ask

Legal or InfoSec wants documentation on AI use. You don't have a single artifact that maps your stack against a recognized framework.

Foundry is on the table

You're considering Microsoft Foundry as the governance control plane and want a second opinion on what it covers, what it doesn't, and what the migration looks like.

Written report
PDF, 15–25 pages

Inventory of in-flight and shipped AI work · current control posture mapped to NIST AI RMF (Govern / Map / Measure / Manage) · Foundry control-plane gap analysis · risk register.

Remediation list
Prioritized, control-mapped

Concrete actions ordered by exploitability and effort. Each item maps to the specific NIST control it closes, with a recommended owner.

One-page summary
For InfoSec / leadership

The version you forward upward. Posture grade, top three risks, top three actions, recommended next engagement (if any).

Day 1 — kickoff + inventory

90-minute kickoff. I get read access to the artifacts that matter: Power Platform admin center, Entra ID app registrations, your AI policy doc (if it exists), the use-case backlog.

Day 2–3 — control mapping

Map current state to NIST AI RMF. Walk Foundry's controls against what you'd actually need. Flag the things you thought you had but don't.

Day 4 — risk + remediation

Write the risk register. Order the remediation list. Draft the executive summary.

Day 5 — readback

60-minute readback with you and any stakeholders you want in the room. Final PDF delivered same day.

This package draws on the same surface I built for a global enterprise's AI governance platform — use-case registry, four-tier RBAC, council review workflow. The audit is the diagnostic; that platform is the build.

Engage
contact@althor.dev
Scope first: 30-minute scoping call
Price: $2,500 fixed · invoiced on engagement
Timeline: 1 week from kickoff