Readyloop

Framework lenses

One inventory and evidence library—many AI governance lenses.

Readyloop stores evidence against a curated ISO/IEC 42001 control board. Other frameworks are lenses: the same systems and proof, remapped for EU AI Act deployer duties and NIST AI RMF functions.

We stay in the AI governance lane. Readyloop is not a SOC 2 or ISO 27001 product—those belong to fuller GRC stacks when you outgrow a focused workspace.

ISO/IEC 42001 (source of truth)

Edit statuses and attach evidence only on the ISO lens in /app/controls. Other lenses derive readiness from those mapped controls.

EU AI Act — deployer

  • Set EU role (deployer / provider / both) and risk-class hint per system in Inventory
  • Open the EU AI Act lens on the control board to see Article-oriented obligations
  • Each row links back to the ISO controls that carry the evidence

NIST AI RMF

  • Govern / Map / Measure / Manage cross-map over the same board
  • Use for engineer-friendly language with buyers who ask for NIST
  • No separate certification theater—readiness is the product

Inventory fields that feed every lens

  • Risk tier + EU role / risk class
  • Privacy on the AI system (personal data flag, categories, lawful basis, DPIA URL)
  • Impact assessment (summary, affected groups, mitigations, completed)

Questionnaire packs

From auditor links, choose Questionnaire mode to pre-draft answers for common AI diligence questions from inventory + evidenced controls.