Hael
Sign inRequest a demo
CERTIFICATION & FRAMEWORKS

Do you align with the NIST AI Risk Management Framework?

Current as of July 2026.
A model answer
Yes — we have adopted the NIST AI RMF as our risk-management method and organised our governance around its four functions. Govern: an approved AI policy, named accountability, and a maintained inventory. Map: per-system context and risk categorisation. Measure: evaluation against the trustworthiness characteristics, with results recorded. Manage: risk treatment, monitoring and incident response. Evidence for each function is available on request.

Evidence a buyer expects

Records mapped to the four functions — not a statement of intent. A reviewer will ask which Govern subcategories you have implemented and what evidences them.

Why weak answers fail

"We are NIST AI RMF compliant" reads, to anyone who knows the framework, as not understanding it — the RMF is voluntary guidance with no certification and no compliance regime. The precise word is aligned, or adopted. Precision here signals maturity; the loose claim signals the opposite.

What Hael produces

Hael produces per-function NIST records (GOVERN, MAP, MEASURE, MANAGE), cross-mapped to ISO/IEC 42001 and the EU AI Act so a single evidence item satisfies several regimes at once.

Related questions

Current as of July 2026. General information, not legal advice.
Free readiness check
See which sections you would fail today.
Free, no sign-up to see your result.
Check your readiness