CERTIFICATION & FRAMEWORKS
Do you align with the NIST AI Risk Management Framework?
Current as of July 2026.
A model answer
Yes — we have adopted the NIST AI RMF as our risk-management method and organised our governance around its four functions. Govern: an approved AI policy, named accountability, and a maintained inventory. Map: per-system context and risk categorisation. Measure: evaluation against the trustworthiness characteristics, with results recorded. Manage: risk treatment, monitoring and incident response. Evidence for each function is available on request.
Evidence a buyer expects
Records mapped to the four functions — not a statement of intent. A reviewer will ask which Govern subcategories you have implemented and what evidences them.
Why weak answers fail
"We are NIST AI RMF compliant" reads, to anyone who knows the framework, as not understanding it — the RMF is voluntary guidance with no certification and no compliance regime. The precise word is aligned, or adopted. Precision here signals maturity; the loose claim signals the opposite.
What Hael produces
Hael produces per-function NIST records (GOVERN, MAP, MEASURE, MANAGE), cross-mapped to ISO/IEC 42001 and the EU AI Act so a single evidence item satisfies several regimes at once.
Related questions
Current as of July 2026. General information, not legal advice.
Keep reading
More from the answer library.
CERTIFICATION & FRAMEWORKS
Are you certified to ISO/IEC 42001, or do you have a documented roadmap to certification?
Read answer →
CERTIFICATION & FRAMEWORKSHas your AI system been classified under the EU AI Act, and what obligations apply?
Read answer →
OVERSIGHT & CONTROLSHow do you test for bias, and what did the testing find?
Read answer →