RiskOS governance workspace: role cards change product perspective for leadership, risk, legal, and security review. Live workspace sync is checked from the app; customer go-live still requires production authentication, evidence retention, immutable audit controls, and customer-specific access control.
Start here: Choose a role, run one AI assessment, attach evidence, route approval, then export a board packet.
Use now: Create AI risk assessment, controls, evidence, approvals, inventory, framework map, and board packet.
Product offer: One AI system assessment, board packet, evidence vault, control owner map, and remediation plan.
Open rollout gates: Authentication, evidence retention, tenant storage, audit controls, and customer-specific access.
Must prove: Production auth, evidence retention, immutable audit, tenant storage, and decision ownership.

AI risk assessment for CEOs and boards

Launch AI features with evidence, approval, and board-ready risk reports.

For teams shipping AI

RiskOS gives leadership one clear workflow: assess the AI feature, attach proof, approve or escalate, export the board report.

Workspace workflow

What governance teams can use today

  • AI risk scoring workflow
  • Company workspace and saved assessments
  • Owner, approver, review date, and status
  • Evidence records with expiry and review state
  • Approval history and audit trail
  • Board report export and print flow

Role view

Open RiskOS from four governance roles.

Role walkthrough

Current role: CEO / Board. Use the role cards to change perspective instantly.

Risk decision lifecycle

Run the AI risk workflow now, from use case to board packet.

Review records
1. Identify use case

Create the AI system profile, owner, approver, review date, and decision boundary.

2. Score risk

Calculate the current score and save it into the AI inventory.

3. Attach evidence

Add one reviewable evidence record with owner, expiry, and linked control.

4. Map controls

Move core control actions into review/ready state for the risk owner.

5. Record decision

Approve the controlled launch in the board decision log.

6. Export evidence

Download the board packet with assessment, evidence, controls, and audit trail.

Adoption review

Run the evidence pack through CEO, risk, legal, and security review.

Approved review records
  • CEO: Board decision and residual risk acceptance
  • Risk owner: Assessment, control owners, score rationale
  • Legal: AI Act, DPA, customer notice, approval boundary
  • Security: Evidence, retention, incident path, testing gaps

This creates a governance review packet. Production rollout still requires configured authentication, evidence storage, and named customer approval.

AI launch risk score 78

High exposure from confidential data, decision support, and regulatory obligations.

Required controls 9

Human oversight, model testing, privacy review, logging, and approval evidence.

Board decisions 3

Launch approval, customer notice, and risk acceptance need executive approval.

Evidence gaps 5

Missing model evaluation, data retention proof, and vendor AI terms.

Governance promise

What RiskOS should replace first

Spreadsheets

Static rows cannot prove who approved the risk, what evidence existed, or what changed before launch.

Slide-only board updates

RiskOS turns live assessment data into board-ready summaries instead of rebuilding decks manually.

Heavy enterprise GRC

RiskOS starts with a focused AI risk workflow for teams that need visibility before they need a huge platform.

Workflow completeness

Governance workflow coverage

Review checklist

Risk workspace

Company setup, saved assessments, roles, and account separation in one workspace.

Live sync check available

Saved assessments

Persistent workflow record

Pre-launch AI assessment

Score AI products before they create legal, safety, privacy, or trust exposure.

Interactive workflow
AI launch risk score 69

Controlled launch recommended after model testing, human oversight, data retention, and legal approval evidence are attached.

Scoring methodology

How the evaluation score is calculated.

Configurable model

RiskOS averages six 0-100 factors: data sensitivity, autonomy, user impact, human oversight, testing evidence, and regulatory exposure. Bands: 0-59 standard review, 60-79 controlled launch, 80-100 executive block until evidence is accepted. Customer rollout can tune weights, thresholds, and evidence rules to policy.

  • 0-59: Standard review with periodic control checks.
  • 60-79: Controlled launch only after evidence and owner approval.
  • 80-100: Executive block until legal, security, and board evidence is accepted.

AI system inventory and shadow AI

Track approved AI, shadow AI, model lifecycle, agent permissions, and vendor AI use in one place.

Known AI systems 0

Approved, launch review, and inventory-stage AI systems.

Shadow AI signals 0

Unapproved tools or unsanctioned AI usage patterns.

Agentic systems 0

AI systems with tool, API, or autonomous action access.

Vendor AI exposure 0

Vendors using AI with company or customer data.

System of record

AI inventory, lifecycle, lineage, and owners

Shadow AI intake

Unapproved AI usage map

Agentic AI risk

Tool access and autonomy controls

Vendor AI risk

Questionnaire and contract exposure

Framework and regulatory mapping

Map AI risks and controls to NIST AI RMF, ISO 42001, EU AI Act, SOC 2, and ISO 27001.

Control action plan

Owners, due dates, and evidence for launch-critical AI controls

Open work

Obligations

Mapped obligations and implementation status

Financial risk

Board-level business exposure

Automation and continuous monitoring

Show how RiskOS reduces manual work through evidence collection, integrations, alerts, and drift monitoring.

Environment: operating workspace. Production integrations, evidence retention, audit immutability, and tenant access require implementation before live use.

Evidence automation

Evidence sources requiring connection

Continuous monitoring

Risk drift, model drift, and control alerts

Workflow permissions

Role-specific views and approval locking

Trust maturity

Security and privacy readiness artifacts

Support and escalation

What happens when evidence or backend services fail.

Production requirement
Evidence failure

Mark the evidence record "In review", keep the risk blocked from approval, assign an owner, and capture the failed source reference.

Backend failure

Show read-only mode, preserve browser backup, retry service health, and escalate to the implementation owner before accepting new approvals.

Escalation path

Risk owner triages within one business day; security handles evidence integrity; legal or executive approver signs residual risk only after recovery.

Enterprise risk score 78

High exposure: AI model governance, cyber disclosure, and third-party resilience.

Open board risks 12

4 require decision before the next AI-enabled product release.

Controls overdue 19

7 linked to customer data, model testing, and cloud infrastructure.

Regulatory changes 8

AI, cyber disclosure, privacy, and vendor concentration updates.

Board view

Top risks by accountability impact

3 critical

Control health

Risk control coverage

AI governance 58%
Cyber resilience 71%
Vendor oversight 66%
Disclosure readiness 84%

Risk heat map

Likelihood by impact

Audit-ready proof

Every risk decision connected to evidence, owner, and approval history.

Approval history and audit trail

Risk leaders need to know who approved what, when, and why.

Approval workflow

Done: Assessment created

Owner created AI contract review assistant assessment.

Open: Evidence review

Security and legal must approve model testing and data retention evidence.

Pending: Executive approval

CEO or board sponsor accepts residual launch risk.

Audit trail

Decision register

Board and executive decisions needed before launch

Board-ready exports

Generate the report a CEO or board actually needs before approval.

Board packet

AI Launch Risk Report

Feature: AI contract review assistant

Risk score: 69

Methodology: Average of data, autonomy, impact, oversight, testing, and regulatory factors on a 0-100 evaluation scale.

Owner: Priya Raman, Product Lead

Approver: General Counsel

Status: Needs evidence

Risk acceptance rationale: Controlled launch requires legal review and human approval before customer-facing use.

Recommendation: Launch only after required evidence is attached and accepted.

Open board decisions

  • Approve controlled launch scope
  • Accept residual privacy risk after data minimization
  • Require model testing before production release

Export formats

Export template: Board PDF

Print-ready browser report using the current assessment, evidence, and decision register.

Export template: AI assessment report

Uses current assessment inputs to create an executive-readable report.

Export template: Audit evidence export

Includes current workspace evidence, open controls, decisions, and audit trail in the exported packet.

Report

AI assessment report

Feature score, data exposure, controls, owner, approver, and launch recommendation.

Report

Board packet

Top risks, open decisions, overdue evidence, and residual risk acceptance summary.

Report

Audit evidence report

Evidence records, approval history, expiry dates, and audit-trail events.

Trust center

A risk product must prove how it protects sensitive evidence.

Launch checklist

Security implementation baseline

  • Role-based access control
  • Organization-level tenancy
  • Audit trail for every material change
  • Encryption in transit and at rest
  • Evidence retention and deletion policy
  • Session timeout and workspace lock

AI advice boundary

RiskOS should recommend controls and evidence gaps. Final risk acceptance remains with company owners, legal counsel, and executive approvers.

Privacy promise

Customer evidence should never be used for model training without explicit written permission. Sensitive documents need strict tenant isolation.

Security artifacts

  • Privacy policy
  • Security overview
  • Data processing terms
  • Subprocessor list
  • Incident response contact

Production backend requirements

  • SSO or passwordless authentication with enforced roles
  • Tenant-scoped database and object storage
  • Encrypted evidence upload, retention, deletion, and legal hold rules
  • Append-only audit log with exportable checksums
  • Health checks, backups, restore process, and incident escalation owner

Backend readiness proof

Public review mode. Run the RiskOS backend or a deployed RiskOS API before using sensitive evidence or approvals.

  • Auth: Production authentication required
  • Storage: Tenant database and encrypted object storage required
  • Evidence: Retention, deletion, legal hold, and checksums required
  • Approval: Customer risk owner and executive acceptance required

Commercial path

Simple packages for teams that need usable risk governance before enterprise complexity.

India adoption review quote uses INR anchors and excludes taxes, procurement review, and implementation scope. Pricing is indicative only; final commercial quote is localized by country, tax, data-residency, support, and implementation scope.

Starter: AI Risk Starter, from INR 41,000/mo

For teams launching AI features and needing pre-launch risk review.

  • AI assessments
  • Basic risk register
  • Evidence links
  • Board summary

Scale: RiskOS Platform, custom rollout quote

For regulated teams needing integrations, permissions, and regulatory mapping.

  • Advanced roles
  • Regulation mapping
  • Integrations
  • Priority onboarding
