Regulatory evidence
FRIA Lite + Colorado Consumer-Rights Forms
A lightweight evidence starter for teams documenting AI impact, consumer-rights handling, and annual review readiness under Colorado-style deployer obligations.
Open preview →Editable AI governance workbooks, policy templates, evidence trackers, board reporting artifacts, and Agentic AI/MCP governance controls for lean teams that need implementation evidence without enterprise SaaS overhead.
Editable implementation artifacts · Direct invoice delivery · No platform lock-in
Engineered by Abhishek G Sharma, ISO 42001 Lead Auditor · 9 professional certifications · 20+ years in cybersecurity and risk management. Artifacts are organized around primary standards and public framework language. Final use should be validated with qualified legal, audit, or regulatory advisers. Also the architect of EU AI Compass - 28 free EU AI Act compliance tools.
Start with public artifacts that prove the Move78 implementation evidence model: regulatory evidence, executive reporting, and agentic AI governance.
A lightweight evidence starter for teams documenting AI impact, consumer-rights handling, and annual review readiness under Colorado-style deployer obligations.
Open preview →A sample executive deck showing how to brief leadership on AI inventory, risk posture, regulatory exposure, agentic AI risk, and next governance decisions.
Open preview →A one-page operating model for governing AI agents, MCP servers, tools, skills, human override, kill-switches, evidence records, and incident escalation.
Open preview →ACT-1 is the baseline kit. ACT-2 Professional is the flagship product because it adds the operating artifacts buyers need to brief management, answer customer due-diligence questions, govern Agentic AI/MCP risk, and move from gap identification to evidence ownership.
Use ACT-1 only when the buyer needs a first inventory, risk register, and control baseline. Use ACT-2 when they need the operating system.
Governance, acceptable use, risk, incident, vendor, and operating documents.
Evidence tracker, board reporting pack, implementation plan, and progress structure.
Agent autonomy, MCP approval, OpenClaw-relevant controls, override, and incident evidence.
A practical path from artifacts to implementation, with Sprint support available after ACT-2.
Move78 sits between static document sellers and demo-gated SaaS. The product is an editable implementation backbone: inventory, risk register, cross-framework controls, evidence tracker, board reporting, and Agentic AI/MCP/OpenClaw governance artifacts that a lean team can own internally.
Templates give you documents. Move78 gives you decision-ready implementation artifacts connected by a control matrix and operating workflow.
You keep the files. No platform dependency, no new GRC admin role, no demo cycle before you can start.
Start with the artifacts. Add the Implementation Sprint only if you need guided rollout, tailoring, and evidence review.
Most AI governance programs stall at the same point: the organization purchases an ISO 42001 template pack from one vendor and a NIST AI RMF guide from another, then discovers that no one has reconciled where Clause 6.1.2 overlaps with NIST MAP 1.1. The reconciliation work typically consumes 4-6 weeks and $20,000-$40,000 in external implementation fees.
Existing vendors sell framework-specific document packs: ISO 42001 templates ($199-$699), NIST AI RMF guides, Colorado AI Act checklists. Each operates in isolation. No vendor in the downloadable toolkit category provides a pre-built crosswalk showing how a single control implementation satisfies requirements across multiple frameworks simultaneously.
ACT provides a pre-reconciled unified controls matrix mapping ISO 42001 Clauses 4-10, NIST AI RMF's 72 subcategories, and Colorado AI Act evidence alignment requirements into a single implementation pathway. All artifacts are derived from primary standard documents by a certified ISO 42001 Lead Auditor. Implement one control. Satisfy three frameworks.
The unified controls matrix is the core deliverable of ACT. The table below details framework coverage at each product tier.
| Framework | Tier 1 Starter | Tier 2 Professional | What you get |
|---|---|---|---|
| ISO/IEC 42001:2023 | ✓ Controls matrix + gap checklist | ✓ + Policy templates + audit evidence | Clause 4-10 mapping, Annex A controls, Statement of Applicability guidance |
| NIST AI RMF 1.0 | ✓ Controls matrix + risk register | ✓ + Implementation project plan | All 4 functions (Govern, Map, Measure, Manage), 72 subcategories mapped |
| NIST AI 600-1 GenAI Profile | ✓ Integrated in controls matrix | ✓ + GenAI-specific policy sections | 12 generative AI risk categories with mitigation controls |
| Colorado AI Act (SB 24-205) | ✓ Safe harbor mapping | ✓ + Impact assessment template | Deployer/developer obligations, reasonable care documentation |
| Agentic AI Governance | ✓ 2 free assessments (Tier 0 — Free) | ✓ Dedicated module | OWASP Top 10 for Agentic Applications + LLM Top 10 dual mapping, IMDA framework, autonomy bounding, agent registry, agent compromise response playbook, MCP security governance checklist |
| OpenClaw Security | ✓ 4 free assessments (Tier 0 — Free) | ✓ + Governance in agentic module | OpenClaw security readiness assessment, agent security assessment, enterprise governance checklist, shadow deployment governance check (Tier 0). Open-source agent risk register, agent compromise response playbook, MCP security governance checklist (Tier 2) |
| ACT Tier 3 Implementation Sprint | — | Prerequisite | Structured implementation sprint for buyers of AI Controls Professional, including working sessions, document tailoring, evidence review, and rollout guidance. |
Each tier builds on the last. Start with a free self-assessment, then choose the implementation depth that matches your governance maturity.
Core AI risk & governance artifacts for organizations establishing a formal AI management baseline across ISO 42001, NIST AI RMF, and Colorado AI Act.
Complete AI risk & governance operating system including policy formalization, board reporting, implementation planning, OpenClaw security governance, and the Agentic AI & OpenClaw governance modules.
For organizations that have purchased AI Controls Professional and need a structured implementation sprint, document tailoring, evidence review, and working-session guidance to move from toolkit ownership to operational rollout.
Compare all tiers, pricing, and detailed feature breakdown →
Autonomous AI agents - including the rapidly adopted OpenClaw framework (250,000+ GitHub stars, 9 CVEs disclosed, 135,000+ exposed instances identified in 2026) - introduce governance requirements that traditional frameworks were not designed to address. Agents can plan, execute multi-step workflows, access production systems, and trigger real-world consequences with limited human oversight. The OWASP Top 10 for Agentic Applications for 2026 and Singapore IMDA's Agentic AI Governance Framework (January 2026) reflect this shift. AI Controls Professional includes a dedicated agentic governance module - the only purchasable static toolkit in this category.
EU AI Compass is a separate, free platform with 28 browser-based compliance tools and 24 pillar guides focused exclusively on the EU AI Act. No login or data collection required. The AI Controls Toolkit (ACT) covers ISO 42001, NIST AI RMF, agentic AI, and US state regulation.
Visit EU AI Compass →The AI Controls Toolkit (ACT) is a structured AI governance package delivered as editable implementation workbooks and templates. The core deliverable is a unified controls matrix that helps teams map ISO/IEC 42001, NIST AI RMF, and Colorado AI Act evidence alignment into one implementation pathway. It is file-based, not a SaaS platform.
ACT-1 Starter provides the foundation: controls matrix, AI system inventory, gap analysis checklist, and risk register. ACT-2 Professional adds implementation-grade materials such as policy templates, board reporting, vendor diligence, FRIA support, and agentic AI / OpenClaw governance modules. Teams facing customer diligence or board reporting should evaluate ACT-2.
Yes. ACT is designed to help teams organize evidence against recognized AI risk frameworks such as ISO/IEC 42001 and NIST AI RMF, which are relevant to Colorado AI Act risk management expectations. This is implementation support only. It is not legal advice, a legal opinion, or a guarantee of safe-harbor treatment.
Move78 ACT is built by Move78 International Limited under the direction of Abhishek G Sharma, a cybersecurity and AI governance practitioner with ISO 42001 Lead Auditor, ISO 27001 Lead Auditor, CISA, CISM, CRISC, CEH, CCSK, CAIGO, and CAIRO credentials. Buyers should still validate all artifacts against their own legal, audit, and operational context.
No. ACT can support ISO 42001 readiness, customer diligence, internal AI governance, board reporting, vendor review, and evidence organization even when certification is not the immediate goal. Certification is one possible use case, not a prerequisite.
An enterprise GRC platform can be useful when a team already knows its AI systems, owners, controls, workflows, and evidence model. Many SMEs need the evidence architecture first. ACT gives the team editable artifacts before committing to platform configuration, subscription cost, and operational overhead.
Over 20 free assessments covering AI governance, Colorado AI Act, ISO 42001, NIST AI RMF, OpenClaw security, agentic AI governance, and emerging regulations. Each takes 5-15 minutes and generates a prioritised action plan. No login required.
Move78 ACT provides editable AI governance implementation evidence for SMEs and technical teams. Pick the route closest to your role, then decide whether ACT-1, ACT-2, or an implementation sprint fits the gap.
Build a credible AI governance baseline without hiring a full GRC team.
Turn scattered AI activity into evidence registers, policy artifacts, and owner-led workflows.
Map shadow AI, vendor risk, agentic workflows, MCP exposure, and OpenClaw governance.
Reuse structured client-delivery artifacts without rebuilding cross-framework evidence packs.
See how Move78 maps source frameworks into editable artifacts, review notes, and claim boundaries.
Review invoice, bank-transfer, delivery, support, refund, and licensing expectations before purchase.