Readyloop

AI inventory

Register every model, agent, copilot, and third-party AI tool in scope.

Open /app/inventory. Your inventory is the source of truth for what AI you run—and who owns it. The same records feed ISO 42001, EU AI Act, NIST AI RMF, and questionnaire packs.

Add a system

  1. Name — what operators call it (e.g. Support Copilot)
  2. Purpose — what decisions or workflows it influences
  3. Owner email — accountable human (required for clean gaps)
  4. Risk tier — low / medium / high / unknown
  5. EU AI Act role — deployer / provider / both / unknown
  6. EU risk class hint — minimal / limited / high / prohibited / unknown
  7. Vendors / models — OpenAI, Anthropic, internal, etc.

Privacy & impact (optional, per system)

  • Personal data flag, data categories, lawful basis notes, DPIA URL
  • Impact assessment: summary, affected groups, mitigations, completed
  • Frame as privacy/impact on this AI system—not standalone GDPR GRC

What to include

  • Customer-facing agents and copilots
  • Internal AI that influences hiring, credit, support, or ops decisions
  • Eval / monitoring pipelines that gate releases
  • Third-party SaaS AI features you rely on in production
Tip: start with systems buyers ask about. You can expand the inventory as shadow AI shows up.

Keep it current

Update owners when people change roles. Revisit risk tiers and EU class after major launches. Later you can sync inventory via the Evidence Contract (`system.upsert` events) so deploys keep the register fresh.