One 11-tab Excel workbook mapping 120–150 controls across ISO 42001, NIST AI RMF, NIST GenAI Profile, and Colorado AI Act. Assess governance posture across all four frameworks in a single implementation view.
Payments processed by Lemon Squeezy (Merchant of Record). Price increases to $499 after initial launch period.
An 11-tab Excel workbook plus an AI Acceptable Use Policy template. Delivered as a ZIP file via instant download.
Step-by-step workflow guide, terminology key (shall/should/must), tab descriptions with hyperlinks, and FAQ.
The master crosswalk. 120–150 rows mapping all four frameworks into 10 columns with evidence requirements, priority ratings, and implementation notes.
Pre-filtered view for certification-focused teams. All Clauses 4–10 and Annex A controls, sorted by ISO clause number.
Pre-filtered view sorted by GOVERN, MAP, MEASURE, and MANAGE. All 72 subcategories with ISO and Colorado cross-references.
Every deployer and developer obligation with C.R.S. section-level statutory citations. Affirmative defense evidence mapping.
Where ISO 42001, NIST AI RMF, and Colorado AI Act diverge. Conflict descriptions with recommended reconciliation approaches.
Register for cataloguing all AI systems. Pre-configured drop-downs for deployment status, risk classification, and Colorado high-risk determination.
Domain-by-domain compliance assessment. Drop-down severity ratings with conditional formatting. Summary dashboard with gap counts and bar chart.
Structured risk register with 20+ pre-loaded AI risks. 5×5 heat map. Likelihood, impact, risk score formulas, treatment plans, and residual risk tracking.
Single-page visual scorecard. Traffic-light by control domain, overall maturity score, compliance percentage. Auto-populates from Gap Analysis. Screenshot-ready for board reporting.
Complete list of primary sources with version and date. Full legal disclaimer. Every reference in the workbook is traceable to a verified source document.
2-page Word template with red placeholders for organization-specific customization. Covers scope, acceptable/prohibited uses, data handling, and oversight requirements.
Four frameworks reconciled into one controls matrix. Every reference verified against primary source documents.
| Framework | Source | Coverage |
|---|---|---|
| ISO/IEC 42001:2023 | Purchased standard PDF | Every clause (4.1–10.2) and Annex A control (A.2–A.10) |
| NIST AI RMF 1.0 | NIST AI 100-1 (Jan 2023) | All 72 subcategories across GOVERN, MAP, MEASURE, MANAGE |
| NIST AI 600-1 GenAI Profile | Published profile (Jul 2024) | 200+ actions mapped to corresponding RMF subcategories |
| Colorado AI Act (SB 24-205) | Enacted text as amended by SB 25B-004 | All developer and deployer obligations with C.R.S. citations |
Cross-framework reconciliation is expensive. ACT eliminates 80–120 hours of manual mapping.
CTOs, CISOs, DPOs, and compliance leads at technology-centric SMEs (10–250 employees) who need to assess AI governance posture across multiple frameworks without enterprise-scale budgets or 6-month consulting engagements.
ACT Tier 1 is the right starting point for organizations that need to understand their obligations, identify gaps, and build a remediation roadmap — but are not yet ready for full policy formalization and implementation documentation.
Upgrade path. When gap analysis reveals documentation gaps, ACT Tier 2 Professional provides the policy templates, board reporting pack, implementation project plan, FRIA template, and agentic AI governance module needed to close them. Learn more.