Master Framework · v1.1

Clariantix Assessment Framework™

The intelligence engine of the Clariantix ecosystem. Every score, dashboard, risk finding, executive recommendation, board report, compliance gap analysis, remediation roadmap, and product recommendation originates here.

Domains · 10
Target Questions · 1,000
Response Levels · 6
Maturity Bands · 5

Assessment Domains

Domain 1 · Executive Leadership & Governance · 15%
Stakeholders: CEO · COO · CIO · CTO · Board Representative · Executive Sponsor
Subdomains
  • Governance Structure
  • Executive Accountability
  • Strategic Alignment
  • Risk Appetite
  • Oversight Processes
  • Board Engagement
Target questions: 75

Domain 2 · AI Governance Program · 15%
Stakeholders: Governance Team · Risk Team · Compliance Team · Legal · Executive Sponsor
Subdomains
  • Policies
  • Standards
  • Procedures
  • Governance Committees
  • Roles & Responsibilities
  • Approval Workflows
Target questions: 125

Domain 3 · AI Inventory & Asset Management · 10%
Stakeholders: IT · Business Units · Technology Owners · Procurement
Subdomains
  • AI Inventory
  • Model Inventory
  • Vendor Inventory
  • Data Inventory
  • Asset Classification
Target questions: 75

Domain 4 · Security & Cybersecurity · 15%
Stakeholders: CISO · Security Team · IT Operations · Infrastructure Team
Subdomains
  • Access Control
  • Authentication
  • Monitoring
  • Threat Detection
  • Incident Response
  • Vulnerability Management
Target questions: 175

Domain 5 · Data Governance & Protection · 10%
Stakeholders: Privacy · Security · Data Governance · Compliance
Subdomains
  • Data Classification
  • Data Protection
  • Data Retention
  • Encryption
  • Data Loss Prevention
Target questions: 100

Domain 6 · Compliance & Regulatory Readiness · 10%
Stakeholders: Compliance · Legal · Privacy · Governance
Subdomains
  • AIDA
  • PIPEDA
  • CPPA
  • GDPR
  • EU AI Act
  • ISO 42001
  • ISO 27001
  • NIST AI RMF
  • SOC 2
Target questions: 125

Domain 7 · Vendor & Third-Party Risk · 5%
Stakeholders: Procurement · Security · Legal · Vendor Management
Subdomains
  • Due Diligence
  • Contracts
  • Monitoring
  • Vendor Assessments
  • Risk Reviews
Target questions: 75

Domain 8 · Mobile & Shadow AI Governance · 5%
Stakeholders: IT · Security · Department Leaders · Mobile Device Administrators
Subdomains
  • Mobile AI Usage
  • BYOD
  • Shadow AI
  • AI Applications
  • Device Governance
Target questions: 75

Domain 9 · Monitoring & Operations · 5%
Stakeholders: Operations · Governance · Security · Compliance
Subdomains
  • Monitoring
  • Alerting
  • Reporting
  • Metrics
  • Operational Governance
Target questions: 75

Domain 10 · Responsible AI & Ethics · 10%
Stakeholders: Governance · Legal · Executive Leadership · Risk
Subdomains
  • Fairness
  • Bias
  • Transparency
  • Explainability
  • Human Oversight
  • Ethical AI
Target questions: 100

Scoring Model

Response Scale
  • 0 · Not Implemented
  • 1 · Planned
  • 2 · Partially Implemented
  • 3 · Implemented
  • 4 · Managed
  • 5 · Optimized
Evidence Modifier
  • No Evidence · -25%
  • Partial Evidence · 0%
  • Verified Evidence · +10%
  • Expert Validation · +15%

Maturity Levels

  • Critical · 0–20
  • High Risk · 21–40
  • Moderate · 41–60
  • Managed · 61–80
  • Leading Practice · 81–100
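As an added worked example (not Clariantix code), the following combines the response scale, evidence modifiers, domain weights and maturity bands of the scoring model above into one overall score and flags the questions that the Risk Register takes as input. The combination rules the page leaves open are assumptions: 20 points per response level, the evidence modifier applied as a percentage and clamped to 100, a domain score as the mean of its questions, a weighted sum in which an unassessed domain scores 0, and fractional points truncated before the band lookup; the sample responses are constructed.

```python
from statistics import mean

# Domain weights in percent, exactly as the framework lists them (they sum to 100).
DOMAIN_WEIGHTS = {
    "Executive Leadership & Governance": 15, "AI Governance Program": 15,
    "AI Inventory & Asset Management": 10, "Security & Cybersecurity": 15,
    "Data Governance & Protection": 10, "Compliance & Regulatory Readiness": 10,
    "Vendor & Third-Party Risk": 5, "Mobile & Shadow AI Governance": 5,
    "Monitoring & Operations": 5, "Responsible AI & Ethics": 10,
}
# Evidence modifiers in percent and maturity bands (inclusive upper bounds), as listed.
EVIDENCE_MODIFIER = {"none": -25, "partial": 0, "verified": 10, "expert": 15}
MATURITY_BANDS = [(20, "Critical"), (40, "High Risk"), (60, "Moderate"),
                  (80, "Managed"), (100, "Leading Practice")]

def question_score(response, evidence):
    """0-100 score for one question (assumed: 20 points per level, modifier as a percentage)."""
    if response not in range(6):
        raise ValueError(f"response level must be 0..5, got {response!r}")
    raw = response * 20 * (100 + EVIDENCE_MODIFIER[evidence]) / 100
    return max(0.0, min(100.0, raw))  # clamp: +10%/+15% must not exceed 100

def domain_scores(answers):
    """answers: (domain, response, evidence) triples -> {domain: mean question score}."""
    per_domain = {}
    for domain, response, evidence in answers:
        if domain not in DOMAIN_WEIGHTS:
            raise KeyError(f"unknown domain {domain!r}")
        per_domain.setdefault(domain, []).append(question_score(response, evidence))
    return {d: mean(s) for d, s in per_domain.items()}

def overall_score(scores):
    """Weighted AI Trust Score across all domains; an unassessed domain counts as 0 (assumed)."""
    return sum(w * scores.get(d, 0.0) for d, w in DOMAIN_WEIGHTS.items()) / 100

def maturity_band(score):
    """Band lookup; fractional points are truncated before comparing (assumed)."""
    whole = int(score)
    return next(name for upper, name in MATURITY_BANDS if whole <= upper)

def risk_register_candidates(answers):
    """Questions the page routes to the Risk Register: scored 0-2 or with no evidence."""
    return [a for a in answers if a[1] <= 2 or a[2] == "none"]

# Constructed sample responses, for illustration only.
SAMPLE = [
    ("Security & Cybersecurity", 3, "verified"),          # 60 * 1.10 = 66.0
    ("Security & Cybersecurity", 1, "none"),              # 20 * 0.75 = 15.0
    ("AI Governance Program", 5, "expert"),               # 115 -> clamped to 100.0
    ("Executive Leadership & Governance", 2, "partial"),  # 40.0
]
```

With the sample, the two security answers average 40.5, the seven unassessed domains contribute nothing, and the weighted total of about 27.1 lands in the High Risk band.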

Remediation Horizons

Immediate · 0–30 Days
Short-Term · 30–90 Days
Medium-Term · 3–12 Months
Strategic · 12–24 Months

Accepted Evidence

Policy
Procedure
Standard
Training Record
Audit Report
Contract
Risk Register
Architecture Diagram
Meeting Minutes
System Screenshot
Monitoring Report
Compliance Documentation

Report Generation

AI Trust Score™
Inputs: All Domains
Outputs: Overall Trust Score

Executive Briefing™
Inputs: Executive Leadership & Governance, Compliance & Regulatory Readiness, Security & Cybersecurity, Risk Findings
Outputs: Executive Summary, Risk Heatmap, Benchmarking, Compliance Readiness, Top Risks, Strategic Opportunities, Roadmap, Recommended Clariantix Solutions

Board Summary™
Inputs: Executive Leadership & Governance, Compliance & Regulatory Readiness, Risk Register
Outputs: Board-Level Risks, Governance Maturity, Compliance Exposure, Strategic Recommendations, Investment Priorities

Risk Register™
Inputs: Questions scored 0–2, Missing Evidence, High-Risk Responses
Outputs: Risk Description, Likelihood, Impact, Priority, Owner, Recommendation

Compliance Gap Analysis™
Inputs: Compliance & Regulatory Readiness
Outputs: Framework Requirements, Current State, Gap, Recommendation

Remediation Roadmap™
Inputs: All Findings
Outputs: 0–30 Days, 30–90 Days, 3–12 Months, 12–24 Months

Governance Maturity Assessment™
Inputs: AI Governance Program, Executive Leadership & Governance, Monitoring & Operations
Outputs: Maturity Band, Domain Maturity Scores, Capability Gaps

Regulatory Readiness Assessment™
Inputs: Compliance & Regulatory Readiness
Outputs: Framework Readiness Scores, Material Gaps, Priority Actions

Sample Question Bank (17 of 1,000)

EXG-001 · Executive Leadership & Governance · Governance Structure
Does the organization have an approved AI Governance Policy?
Critical
Evidence: Policy, Meeting Minutes
Mapping: ISO 42001 · NIST AI RMF
Remediation: Draft, approve, and publish an enterprise AI Governance Policy with executive sign-off.

EXG-002 · Executive Leadership & Governance · Executive Accountability
Is executive accountability assigned for AI governance?
High
Evidence: Meeting Minutes, Policy
Mapping: ISO 42001 · NIST AI RMF
Remediation: Assign a named executive (e.g., Chief AI Officer) accountable to the CEO and Board.

EXG-003 · Executive Leadership & Governance · Oversight Processes
Is AI governance reviewed by leadership at least annually?
High
Evidence: Meeting Minutes
Mapping: ISO 42001
Remediation: Establish an annual AI governance review with documented outcomes and action items.

INV-001 · AI Inventory & Asset Management · AI Inventory
Has the organization identified all AI systems in production and pilot?
Critical
Evidence: System Screenshot, Architecture Diagram
Mapping: NIST AI RMF
Remediation: Stand up a centralized AI inventory including shadow AI discovery.

INV-002 · AI Inventory & Asset Management · Asset Classification
Are AI systems classified by risk level?
High
Evidence: Policy, Risk Register
Mapping: EU AI Act · NIST AI RMF
Remediation: Apply an AI risk-tier taxonomy (prohibited / high / limited / minimal) to every AI system.

SEC-001 · Security & Cybersecurity · Monitoring
Are AI systems included in security monitoring?
Critical
Evidence: Monitoring Report, Architecture Diagram
Mapping: ISO 27001 · NIST AI RMF
Remediation: Onboard AI systems to the SIEM and define detections for prompt injection and abuse.

SEC-002 · Security & Cybersecurity · Access Control
Are access reviews conducted regularly for AI systems and data stores?
High
Evidence: Audit Report
Mapping: ISO 27001 · SOC 2
Remediation: Conduct quarterly access reviews for all AI tools and underlying data stores.

DATA-001 · Data Governance & Protection · Data Classification
Is AI training and prompt data classified per the enterprise scheme?
High
Evidence: Policy, Architecture Diagram
Mapping: GDPR · PIPEDA
Remediation: Classify all training, fine-tuning, and prompt data using the enterprise scheme.

DATA-002 · Data Governance & Protection · Data Loss Prevention
Are DLP controls in place for AI prompts, outputs, and logs?
Critical
Evidence: Policy, Monitoring Report
Mapping: GDPR · ISO 27001
Remediation: Apply DLP controls to AI prompts, outputs, and logs handling sensitive data.

COM-001 · Compliance & Regulatory Readiness · AIDA
Has AI compliance been assessed against AIDA?
Critical
Evidence: Compliance Documentation
Mapping: AIDA
Remediation: Complete an AIDA readiness assessment and remediate identified gaps.

COM-002 · Compliance & Regulatory Readiness · EU AI Act
Have AI systems been classified against EU AI Act risk tiers?
Critical
Evidence: Compliance Documentation
Mapping: EU AI Act
Remediation: Classify all in-scope AI systems against EU AI Act risk tiers and document obligations.

COM-003 · Compliance & Regulatory Readiness · ISO 42001
Has ISO 42001 readiness been evaluated?
High
Evidence: Compliance Documentation, Audit Report
Mapping: ISO 42001
Remediation: Conduct an ISO 42001 readiness review and develop a path to certification.

VEN-001 · Vendor & Third-Party Risk · Due Diligence
Are AI vendors evaluated against a documented due-diligence framework?
High
Evidence: Contract, Compliance Documentation
Mapping: ISO 42001 · SOC 2
Remediation: Adopt a tiered AI vendor due-diligence framework with documented evidence.

MOB-001 · Mobile & Shadow AI Governance · Shadow AI
Does the organization detect and govern shadow AI usage?
High
Evidence: Monitoring Report, Policy
Mapping: ISO 42001
Remediation: Deploy shadow-AI discovery and an acceptable-use policy with enforcement.

OPS-001 · Monitoring & Operations · Operational Governance
Are AI metrics reported on a defined cadence to governance forums?
Medium
Evidence: Meeting Minutes, Monitoring Report
Mapping: ISO 42001
Remediation: Define KPIs and report AI operational metrics to governance forums on a regular cadence.

RAI-001 · Responsible AI & Ethics · Fairness
Are AI outputs evaluated for bias, fairness, and disparate impact?
High
Evidence: Audit Report, Policy
Mapping: NIST AI RMF · ISO 42001
Remediation: Implement bias and fairness testing on customer-facing and decision-support AI.

RAI-002 · Responsible AI & Ethics · Human Oversight
Is human oversight defined and documented for high-risk AI systems?
Critical
Evidence: Policy, Procedure
Mapping: EU AI Act · ISO 42001
Remediation: Document human oversight roles, escalation, and override procedures for high-risk AI.

The Clariantix Assessment Framework™ is proprietary intellectual property of Clariantix and is continuously expanded as regulations, standards, and AI technologies evolve.