1
Baseline readiness
Score control maturity, ownership, oversight, and evidence gaps before selecting a deeper path.
Run one focused check, identify the gap, then route the result to a guide, free download, ACT-1, ACT-2, or an implementation sprint.
Do not browse every tool. Choose the pressure source first: board, buyer, vendor, audit, engineering, agent runtime, or regulatory exposure.
Use when the team needs a maturity baseline across controls, owners, evidence, and decision discipline.
Go to readiness tools →Use when unmanaged AI, MCP servers, copilots, plugins, or informal workflows may sit outside governance.
Go to visibility tools →Use when AI features, suppliers, RAG systems, subprocessors, or model/tool supply chains need screening.
Go to vendor tools →Use when agents can call tools, use credentials, execute skills, access MCP servers, or need a kill switch.
Go to agentic tools →Use when MCP servers, permissions, secrets, scopes, and revocation paths need accountable approval.
Go to MCP tools →Use when tool results need to become a decision record, board briefing, risk register, or evidence plan.
Go to result routing →Most teams should not jump straight to the most technical check. Start with maturity and visibility, then move to regulation, vendor exposure, agent autonomy, and evidence conversion.
Score control maturity, ownership, oversight, and evidence gaps before selecting a deeper path.
Find unmanaged AI tools, shadow MCP servers, agents, vendors, and informal workflows.
Screen consequential AI exposure, supplier gaps, data disclosure, AIBOM, and red-team readiness.
Check MCP access, credentials, OpenClaw skills, autonomy, prompt injection, identity, and kill-switch readiness.
Turn results into a workbook, decision record, board summary, ACT pack, or sprint scope.
The tools are not the end product. Their job is to make the next step obvious without forcing every visitor into the same paid offer.
Best when the team needs vocabulary, initial records, and one or two lightweight artifacts.
View downloads →Best when the team needs editable starter controls, registers, and operating documents without a platform.
View ACT-1 →Best when ISO 42001, NIST AI RMF, vendor evidence, board reporting, and agentic AI governance must connect.
View ACT-2 →Best when there is executive pressure, procurement review, regulator-facing exposure, or rollout urgency.
View sprint →Start here when the board, buyer, or internal owner asks whether AI governance is mature enough to defend decisions and retain evidence.
Score governance maturity across 12 control domains and see which evidence areas need attention first.
Open tool →Check whether an AI use case may need stronger review, disclosure, consumer-rights handling, or impact evidence.
Open tool →Use these tools before writing policies or mapping controls. A team cannot govern what it has not identified, assigned, or reviewed.
Find unmanaged AI tools, weak policy coverage, confidential-data exposure, ownership gaps, and visibility blind spots.
Open tool →Find unmanaged MCP servers, local deployments, weak authorization, missing logs, and offboarding gaps.
Open tool →Use these checks when MCP servers, tool registries, credentials, scopes, secrets, and revocation paths need accountable approval.
Create a structured approval record for MCP server onboarding, tool scope, data boundaries, logging, and production readiness.
Open tool →Check MCP credential issuance, scope, secret storage, rotation, revocation, and owner accountability.
Open tool →Use these tools when OpenClaw, NemoClaw, skills, local deployments, incident handling, and containment controls are becoming operational risks.
Score OpenClaw exposure, identity hygiene, skill and MCP governance, logging, kill-switch readiness, and oversight.
Open tool →Score shadow deployment visibility, inventory, credentials, sandboxing, logging, containment readiness, and executive visibility.
Open tool →Review provenance, sandbox testing, permission scope, rollback path, logging, and production fit before installing a skill.
Open tool →Evaluate disable path, credential revocation, isolation, evidence preservation, forensics, rollback, escalation, and board reporting readiness.
Open tool →Use these checks when agents can take actions, call tools, use identity grants, access data, or operate with limited human intervention.
Review autonomy, tool access, human override, evaluation evidence, rollback readiness, monitoring, and owner assignment.
Open tool →Assess disable paths, escalation rules, owner authority, credential revocation, containment testing, evidence retention, and rogue-agent response.
Open tool →Review agent identity boundaries, delegated OAuth grants, privilege scope, approval discipline, revocation ability, monitoring, and ownership.
Open tool →Use these tools when AI risk moves through prompts, RAG stores, vectors, third-party models, AIBOM components, vendor claims, or red-team findings.
Evaluate prompt injection exposure, tool misuse, excessive agency, user-content handling, instruction hierarchy, and control readiness.
Open tool →Assess RAG source trust, embedding scope, sensitive-data leakage, retrieval controls, logging, and disclosure practices.
Open tool →Check model, dataset, tool, vendor, component, and dependency visibility needed for AI bill-of-materials evidence.
Open tool →Assess red-team scenario design, scope coverage, test environment maturity, vendor evaluation, remediation tracking, and deployment pressure.
Open tool →Screen vendor transparency, subprocessors, data retention, security evidence, incident commitments, sensitive-data exposure, and lock-in risk.
Open tool →Start with the AI Governance Readiness Assessment if you do not yet know the strongest gap. Use shadow AI and vendor checks when unmanaged tools or suppliers are the concern. Use MCP, OpenClaw, and agentic AI tools when autonomous agents, tool access, credentials, or kill-switch readiness are the immediate risk.
The tools are designed as browser-based assessment flows with no login requirement. Do not enter secrets, credentials, regulated personal data, confidential customer data, or information your organization has not approved for assessment use.
Use the result as a routing decision. Low-maturity or early discovery results should go to a related guide or free download. Teams needing editable governance records should review ACT-1. Teams with cross-framework, vendor, board, agentic AI, or multi-jurisdiction exposure should review ACT-2 or the implementation sprint.
No. The tools provide operational triage and implementation planning support only. They do not provide legal advice, tax advice, audit assurance, certification assurance, conformity-assessment advice, buyer-approval assurance, or security assurance.
Move to ACT-1 when the team needs editable starter governance artifacts rather than another diagnostic result. Move to ACT-2 when the team needs cross-framework mapping, management evidence, vendor diligence, board reporting, agentic AI governance, or a reusable implementation evidence system.
Consultants and vCISOs can use the tools as structured discovery aids, but they should validate outputs against client context, contracts, applicable law, and professional standards. The tools should not be represented as audit evidence, legal opinion, certification advice, or proof of compliance.
Use the free tools for diagnosis. Use downloads for first evidence records. Use ACT-1 or ACT-2 when the work needs editable implementation artifacts, cross-framework mapping, and management-ready records.
View Free DownloadsCompare ACT TiersSource and review note: This page was last reviewed on 16 May 2026 against the current Move78 public site baseline. It provides operational implementation guidance and product information only; it is not legal advice, tax advice, audit assurance, certification assurance, conformity-assessment advice, buyer-approval assurance, or security assurance. Validate legal, regulatory, contractual, tax, audit, and security decisions with qualified professionals.