Readyloop

Controls & evidence

Use the curated ISO/IEC 42001 control board and attach proof you can defend.

Open /app/controls. Readyloop ships a focused control set (not every Annex A row)—the ones that unblock buyers and audits fastest. Evidence is edited on the ISO lens; EU AI Act and NIST AI RMF lenses show the same proof remapped.

Control statuses

  • Open — not started
  • In progress — work underway
  • Evidenced — operating proof attached
  • N/A — out of scope for your AIMS (use sparingly; be ready to explain)

Attach evidence

  1. Open a control → Evidence
  2. Add a title (e.g. “AI Acceptable Use Policy v2”)
  3. Paste a stable URL (Notion, Drive, GitHub, dashboard deep link)
  4. Optional: set the collected date if the proof is older than today
  5. Mark the control Evidenced when the link is real and current
On attach, Readyloop fingerprints the pointer and attempts to archive a snapshot of the URL body (SHA-256 of the bytes, up to 2MB). Private Notion / Drive links often fail fetch—use Upload snapshot when that happens. Evidence older than 90 days is flagged stale—use Refresh to re-verify and re-capture.

Good evidence examples

  • Written AI policy with owner named
  • Risk / impact assessment for a high-tier system
  • Human oversight runbook with escalation path
  • Production monitoring or eval dashboard
  • Incident process doc + recent review notes

Gaps on Overview

Overview surfaces open controls, systems missing owners, and evidenced controls whose latest proof is older than 90 days. Use that list as your weekly ops agenda.