Trust Pack.
Starter pages for the person who has to answer prove-it questions from buyers, boards, and auditors. Document the AI systems you ship. Organize the artifacts behind your claims. Run the tabletop you hope you never need. Static pages, your branding, your URLs — nothing hosted by us, nothing phoning home. Readiness scaffolding you fill in with what's actually true at your company.
AI System Card Builder
Document one AI system in one page. 14 fields covering owner, users, inputs, model, human-review point, risk, customer impact, limitations, review cadence. Export markdown or JSON. Aligned with NIST AI RMF and EU AI Act vocabulary — does not satisfy or meet either framework on its own.
Evidence Locker Template
Eight-section scaffold for organizing buyer-facing trust artifacts: policies, vendors, access reviews, architecture, incidents, insurance, accessibility, training. Each section: artifact present, owner, last reviewed, storage location. Download JSON skeleton or markdown index. Organize evidence — not a substitute for audit.
Shadow AI Discovery Checklist
Five discovery categories — network signals, expense reports, SSO grants, browser extensions, voluntary employee interview script. Pairs with the AI Vendor Intake form for the going-forward gate. Backward-looking audit; not surveillance.
AI Vendor Intake Form
Twelve-field intake structure aligned in vocabulary with NIST AI RMF. Your governance team decides outcomes — no pre-set pass/fail criteria. Counterpart to the AI System Card: intake gates new vendors, system card documents what you ship.
AI Incident Tabletop Kit
Six scenario cards plus shared response checklist (detect · contain · notify · document · review). Generic scenarios — no real company names. Print-friendly CSS for quarterly facilitation.
Executive Risk Register Starter
Row template with eight prompted starters across security, AI, vendor, regulatory, operational, financial categories. User-defined likelihood and impact scales. Download CSV or JSON. Structural template — not enterprise risk management consulting.
Subprocessor Disclosure Template
Public-facing subprocessor list + 6-step data-flow narrative + regional notes (GDPR · CPRA · sector overlays). Aligned in vocabulary with GDPR Art. 28, ISO/IEC 27018, SOC 2 CC9.2. Six prompted vendor rows. CSV + JSON download for your trust center.
Vendor AI Disclosure Review
Buyer-side rubric for evaluating an AI disclosure you received from a vendor (their System Card, /.well-known/aeo.json, model card, security questionnaire AI section). 10 dimensions × found/quality/notes → verdict band + strengths/gaps/follow-ups. Counterpart to AI System Card; compounds with AI Procurement Pulse.
How Trust Pack is scoped
What it is: a set of single-page tools and downloadable templates for the person who has to answer trust questions. Each page documents your inputs, gives you a structured artifact, and stays on your own infrastructure.
What it isn't: a compliance certification, a SaaS product, an audit substitute, or legal advice. We don't host your data. We don't see your inputs. Nothing here implies that filling in a template makes you certified or compliant with any framework. Readiness scaffolding only — the audit conversation is still yours to have.
Aligned in vocabulary with NIST AI RMF · EU AI Act · ISO/IEC 42001 · SOC 2 · ISO 27001 · HIPAA · FERPA · GDPR. None of these tools satisfy or meet those frameworks on their own. They organize what you already have so you can have a clearer audit conversation.