AIUC-1, mapped to your operating evidence.

How AIUC-1 controls map to TrustEvals operating outputs. Built for finance auditors and risk teams.

The control map

Six AIUC-1 categories. One operating output each.

For each control family, what AIUC-1 expects and what TrustEvals produces. The same trace data that drives your operating view.

Data and privacy
AIUC-1 control

Personal data handling, classification, minimization, retention, cross-border flow, data-subject rights.

TrustEvals output

Per-tenant data handling log. Classification + source pointer per interaction. Cross-border flow inventory. Data-subject-request workflow.

Security
AIUC-1 control

Access control, authentication, prompt-injection defenses, tool-call authorization, audit logging.

TrustEvals output

Authorization exception log. Prompt-injection detection rates. Authentication and authorization audit trail per invocation.

Safety
AIUC-1 control

Harmful output filtering, jailbreak resistance, escalation paths, human oversight for consequential actions.

TrustEvals output

Versioned safety baseline. Safety-violation incident log with resolution trace. Human-in-the-loop trigger audit.

Reliability
AIUC-1 control

Groundedness, factuality, multi-turn consistency, performance under load, fallback behavior.

TrustEvals output

Groundedness SLO (rolling 30-day). Multi-turn consistency metric per agent. Documented and tested fallback behavior.

Accountability
AIUC-1 control

Decision provenance, audit logs, human ownership, change history for policy, baseline, prompt, and model.

TrustEvals output

Decision chain per interaction. Human-owner registry. Change log for every policy, baseline, prompt, and model update.

Societal risks
AIUC-1 control

Bias and fairness, demographic parity, impact assessments, disclosure practices.

TrustEvals output

Per-use-case bias evaluation. Versioned impact assessment with named owner. Populated disclosure templates.

How it sits with the others

AIUC-1 is the agent-level standard.

Most finance enterprises running AI at scale want both an organization-level standard and an agent-level standard. Here is how AIUC-1 pairs.

  • ISO 42001. Organization-level. Certifies that your AI management system runs well end to end. Pairs cleanly with AIUC-1 at the agent level. Same evidence, different surface.
  • NIST AI RMF. Risk framework. MEASURE functions map directly to the AIUC-1 evidence. Procurement teams in regulated buyers cite both increasingly often.
  • EU AI Act. Binding law. High-risk system obligations overlap with AIUC-1 reliability and accountability. The same trace data produces Annex IV technical files.
What a finance auditor accepts

Evidence shape that passes audit.

Three patterns finance auditors actually look for. The same patterns hold whether the standard is AIUC-1, ISO 42001, or SR 11-7.

Versioned baseline per use case.

A signed-off threshold document. Loan underwriting agent and marketing copy agent have different baselines, and the auditor sees both with timestamps and owners.

Trace lineage to a human owner.

Every decision points to the data that informed it, the policy that permitted it, the baseline it was evaluated against, and the human who owns it.

Freshness attestation.

Every artifact timestamped. Evidence current as of today, not last quarter. The auditor can ask what the system was doing yesterday at 3:47 pm and get an answer.

Book the AI Audit.

Thirty minutes to size the discovery surface: employees, devices, SaaS admin access, developer tooling, internal agents, Shadow AI exposure, and the outcome read you need at the end.

FAQ

AIUC-1, asked plainly.

No. Certification is done by AIUC Inc. or an authorized third party. TrustEvals produces the evidence the certifier needs, plus the evidence that the certification is still accurate next month.

Scope. ISO 42001 is a management-system standard. AIUC-1 is an agent-level standard. Most finance enterprises running AI at scale want both.

Yes. The same evaluation data maps to NIST AI RMF MEASURE functions, ISO 42001 Clause 8 (operation), and EU AI Act high-risk requirements.

Three to five weeks per agent, depending on current instrumentation. Faster if we have already run an AI Audit and the governance foundation is set.