ACT-2 Professional: AI Governance Implementation Evidence Pack
Use ACT-2 when buyers, board members, procurement, risk teams, or technical owners need connected AI governance evidence. It includes the ACT-1 baseline plus policy files, vendor diligence, board reporting, FRIA starter materials, MCP governance, and agentic AI records.
ACT-2 is a file-based implementation evidence pack. It is not SaaS, legal advice, audit assurance, certification support, regulator acceptance, safe-harbor assurance, buyer approval, or security assurance.
Decide in 30 seconds
ACT-2 is the default product when the buyer needs connected implementation evidence, not just a single template or first inventory.
Buyer or board evidence
You need a clear evidence story for management, customers, procurement, or internal assurance teams.
Only first records
You only need a starter inventory, risk register, gap checklist, and acceptable-use baseline.
Need guided rollout
You need help assigning owners, sequencing implementation, and turning the files into a 30-day backlog.
Need SaaS automation
Use a GRC or AI governance platform if the immediate need is live workflow, API integration, logging, or monitoring.
Decision rule
Choose ACT-2 when governance evidence must connect across policy, vendors, board reporting, regulated-use review, and agentic AI.
What you receive
ACT-2 gives the buyer a practical implementation evidence system. It is designed for internal adaptation and ownership.
Implementation workbook
Expanded workbook structure for controls, inventory, risks, gaps, evidence status, owners, and updates.
Policy and procedure files
Governance, acceptable use, risk management, incident response, and vendor diligence procedure coverage.
Board and buyer evidence
Executive-facing evidence summaries, implementation status, decision records, and governance reporting logic.
Agentic AI and MCP records
Agent inventory, tool boundary records, MCP approval logic, oversight logs, escalation triggers, and shutdown prompts.
How ACT-2 extends ACT-1
ACT-2 keeps the baseline evidence model but adds the implementation layer normally missing from simple template packs.
| Need | ACT-1 | ACT-2 |
|---|---|---|
| Baseline records | Inventory, risk register, gap checklist, acceptable-use baseline. | Includes the baseline and connects it to evidence ownership and rollout records. |
| Policy system | Starter acceptable-use baseline. | Policy and procedure set for governance, risk, incidents, vendors, and oversight. |
| Board or buyer evidence | Limited baseline outputs. | Executive reporting, buyer-facing evidence logic, decision records, and implementation status. |
| Agentic AI and MCP | Not the main focus. | Dedicated AI-agent and MCP governance records, escalation triggers, and approval logic. |
Who ACT-2 is not for
Not for single-template buyers
ACT-2 is broader than one policy or one checklist. Use it only when the buyer needs connected implementation evidence.
Not a SaaS or assurance product
ACT-2 does not provide hosted workflow, API integration, live monitoring, legal opinions, certification assurance, audit assurance, or buyer approval.
Choose ACT-2 when the buyer needs implementation evidence.
If the buyer only needs first records, ACT-1 is enough. If the buyer needs sequencing and ownership support, add the Sprint.
Frequently asked questions
These answers help with buying and implementation decisions. They do not provide legal, audit, certification, buyer-approval, or security assurance.
What is ACT-2 Professional?
ACT-2 Professional is the full AI governance implementation evidence pack. It includes the ACT-1 foundation plus policy files, vendor diligence, board reporting, FRIA starter materials, MCP governance, and agentic AI records.
Who should choose ACT-2?
Choose ACT-2 when a buyer, board, auditor, risk owner, procurement team, or technical governance owner is asking for connected evidence, not just a basic inventory or policy.
Does ACT-2 include ACT-1?
Yes. ACT-2 includes the ACT-1 foundation and expands it with implementation depth across policy, vendor evidence, board reporting, FRIA-style review, and agentic AI governance.
Is ACT-2 a SaaS platform?
No. ACT-2 is a file-based evidence pack. It does not provide hosted workflow automation, log ingestion, API integrations, runtime monitoring, access control, or continuous attestation.
Does ACT-2 guarantee compliance or safe harbor?
No. ACT-2 supports evidence preparation and implementation structure. It does not guarantee compliance, certification, audit results, regulator acceptance, buyer approval, Colorado safe harbor, or security outcomes.
When should we add the Sprint?
Add the Sprint when the team needs help assigning owners, sequencing work, reviewing evidence gaps, and building a 30-day implementation backlog from the ACT-2 materials.
Source and review note: This page describes a file-based implementation evidence product. It is not legal, tax, audit, certification, conformity-assessment, buyer-approval, safe-harbor, or security advice. ACT-2 supports evidence preparation and internal implementation ownership.