Framework lenses
One inventory and evidence library—many AI governance lenses.
Readyloop stores evidence against a curated ISO/IEC 42001 control board. Other frameworks are lenses: the same systems and proof, remapped for EU AI Act deployer duties and NIST AI RMF functions.
We stay in the AI governance lane. Readyloop is not a SOC 2 or ISO 27001 product—those belong to fuller GRC stacks when you outgrow a focused workspace.
ISO/IEC 42001 (source of truth)
Edit statuses and attach evidence only on the ISO lens in /app/controls. Other lenses derive readiness from those mapped controls.
EU AI Act — deployer
- Set EU role (deployer / provider / both) and risk-class hint per system in Inventory
- Open the EU AI Act lens on the control board to see Article-oriented obligations
- Each row links back to the ISO controls that carry the evidence
NIST AI RMF
- Govern / Map / Measure / Manage cross-map over the same board
- Use for engineer-friendly language with buyers who ask for NIST
- No separate certification theater—readiness is the product
Inventory fields that feed every lens
- Risk tier + EU role / risk class
- Privacy on the AI system (personal data flag, categories, lawful basis, DPIA URL)
- Impact assessment (summary, affected groups, mitigations, completed)
Questionnaire packs
From auditor links, choose Questionnaire mode to pre-draft answers for common AI diligence questions from inventory + evidenced controls.