AI Governance Program Management

AI governance your auditor can validate — and your board can defend.

A structured 25-control program framework for risk management teams and compliance officers. Generates the policies, evidence packages, and audit narratives independent reviewers require — with a five-level maturity model at every control.

View plans How it works
Your program, fully documented
  • Per-control governance policies
  • Standard operating procedures
  • Implementation checklists
  • Evidence collection packages
  • Completed audit narratives
  • Five-level CMMI-style maturity scores
  • NIST AI RMF subcategory mapping
  • ISO 42001:2023 clause mapping
  • Executive program assessment
  • Audit-ready ZIP package
NIST AI RMF 1.0  ·  ISO 42001:2023  ·  25 controls across Govern, Map, Measure, and Manage  ·  Designed for risk management teams and independent auditors  ·  Customer data stored in your browser only — never transmitted to Automate48 servers
What you get

Everything you need to demonstrate AI compliance

Stop building from blank documents. Start from production-ready, AI-personalized artifacts.

25-control artifact library

Every control generates six tailored artifacts: governance policy, SOP, implementation checklist, log template, evidence package, and audit narrative — each customized to your organization.

AI-guided compliance conversation

A structured AI-guided dialogue — not a static form — draws out the specifics of your environment, probes material gaps when they surface, and iteratively builds artifacts grounded in how your organization actually operates.

AI compliance training

Four structured courses covering the full framework. Assign to employees, track completion, and generate training records for your audit file.

Program maturity tracker

Track progress across all 25 controls with a five-level maturity model. Dashboard view shows where you stand and where to prioritize next.

Program intelligence New

One-click executive program assessment: overall maturity score, domain breakdown table, top 5 priority gaps, and a board-ready narrative summary across your entire program.

Audit package export New

Single-click download of all completed artifacts organized by control, with a program cover narrative identifying the organization, framework alignment, and artifact inventory — formatted for delivery to auditors, regulators, legal counsel, or other interested parties.

Red-flag gap probing New

When your answers reveal a material governance failure — no policy, shadow AI use, no incident process — the AI probes the depth of the gap before moving on, surfacing the real risk exposure rather than accepting a surface answer.

Framework crosswalk New

Every control is mapped to its corresponding NIST AI RMF subcategory and ISO 42001:2023 clause. Surfaced inline during each control interview — no separate spreadsheet required.

Browser-only data storage

Your compliance content is stored exclusively in your browser's local database — never transmitted to Automate48 servers. Full workspace export and import for backups.

The Framework

The AI Compliance Framework

25 controls across four NIST AI RMF domains. Each control generates six audit-ready artifacts, customized to your organization.

Control Govern Map Measure Manage
G-01AI Governance Policy
G-02Roles and Responsibilities
G-03Ethics and Acceptable Use
G-04Vendor Management
G-05Regulatory Compliance
G-06Training and Awareness
M-01Use Case Inventory
M-02Risk Classification
M-03Data Classification for AI
M-04Impact Assessment
ME-01Output Validation
ME-02Monitoring and Alerting
ME-03Bias and Fairness Testing
ME-04Performance Review
ME-05Human Oversight
ME-06Explainability and Transparency
ME-07Trustworthiness Assessment
MA-01Risk Treatment Planning
MA-02Change Management for AI
MA-03Access Controls for AI
MA-04Incident Response for AI
MA-05Vendor Oversight
MA-06Third-Party Assessment
MA-07Stakeholder Communication
MA-08Continuous Improvement Review

Every control includes 6 artifacts

Each artifact is generated through a guided AI conversation and tailored to your organization, industry, and AI use cases.

1
Governance Policy
Formal requirements document defining scope, accountability, and enforcement — suitable for board approval or regulatory submission.
2
Standard Operating Procedure
Step-by-step operational guidance written for practitioners implementing the control in your specific environment.
3
Implementation Checklist
Itemized task list for executing the control, with completion tracking for project management or internal review.
4
Log Template
Pre-structured record-keeping template for capturing ongoing compliance evidence required by this control.
5
Evidence Checklist
Structured inventory of the specific evidence an auditor or regulator expects to see — aligned to the control's requirements.
6
Audit Narrative
Written current-state assessment of your organization's posture against this control, formatted for internal audit, external auditors, or regulators.
Dave Cooper — Founder, Automate48
Dave Cooper
Founder & CEO, Automate48
Built by practitioners, not theorists

19 years of enterprise compliance at the Fortune 100 level — now applied to AI governance

Dave Cooper spent 19 years as a Vice President at one of the largest US banks, where the security and compliance programs he led protected $100T+ in annual transaction throughput across retail banking, commercial payments, and institutional wire systems — spanning a workforce of 200,000+ and approximately one million technology assets. He established multiple governance and compliance functions from the ground up and earned 5 patents for innovation in security automation. His work produced multiple industry firsts — including the first digital identity provider natively trusted by the US Federal Government and the DoD. A contributing member to multiple national information security standards, he represented the firm on global standards bodies worldwide.

Dave was responsible for assessing and implementing AI/ML information security technologies enterprise-wide — prioritizing evaluations, managing implementations, and setting the security posture for AI adoption at scale. He owned the policy stack across IS Risk Management, Data Protection, Cryptography, and Identity and Access Management — including exactly the type of governance artifacts this tool generates: policies, SOPs, implementation checklists, evidence packages, and audit narratives.

He delivered 100% closure on an OCC Consent Order across 550+ deliverables and terabytes of audit evidence, served as NIST/FedRAMP domain delegate, and spent 12 years leading reverse audits of third-party service providers.

The governance discipline built into every control in this framework comes from two decades of building, auditing, and defending programs under federal regulatory scrutiny — not from theory.

CISSP Six Sigma Black Belt ITIL NIST AI RMF ISO 42001 AI Governance Compliance Programs IS Risk Management DevSecOps Internal/External Audits Federal Regulators Reverse Audits AWS AI/ML 5 Patents
Pricing

Straightforward annual pricing

One license per company. Cancel anytime.

Starter
$497
per year
  • 4 AI compliance training courses
  • Certificate of completion
  • Framework overview and control library access
  • Unlimited employee seats for training
  • Training completion records
Get started
Growth — Most popular
$2,997
per year
  • Everything in Starter
  • All 25 control artifact bundles
  • AI assistant (50 sessions/month)
  • Maturity tracker dashboard
  • Program intelligence assessment
  • Audit package ZIP export
  • Framework crosswalk (NIST + ISO)
  • Workspace backup and restore
  • Claude Sonnet AI model
Get started
Audit Ready
$5,997
per year
  • Everything in Growth
  • 150 AI sessions/month
  • Claude Opus AI model
  • Program Mode (bulk intake workbook)
  • Master program ZIP export
  • Cross-control context carry-forward
  • Priority support
Get started

Need a custom arrangement for a larger organization or reseller program? Contact us.