AI Boss Tools | Diagnostic 10 • Back to the Hub

AI Governance
Readiness Check

The NIST AI Risk Management Framework organises trustworthy AI around four functions: Govern, Map, Measure, and Manage. Regulators, insurers, and enterprise customers increasingly expect all four. Twelve questions score your organisation against them and show which function needs work first.

12Questions
4NIST Functions
4Readiness Levels
5Minutes

The Four Functions

NIST published the AI Risk Management Framework in January 2023, and it has become the common language of AI governance far beyond the United States. Govern covers accountability, policy, and culture. Map means knowing what AI you have and what it touches. Measure means testing and monitoring it. Manage means acting on what you find.

The framework is voluntary. The pressure to follow it is not: the EU AI Act now imposes binding duties on organisations that deploy AI, and IBM's 2025 breach study found the absence of governance is the norm, with 63 percent of organisations holding no AI policy at all.

Three questions per function. Your report ranks the four and gives each a concrete next step.

Function 01
Govern
Function 02
Map
Function 03
Measure
Function 04
Manage

The Research Behind This Tool

The Govern, Map, Measure, Manage structure this check follows, from the US National Institute of Standards and Technology.

The binding regulatory backdrop: risk-based obligations for AI providers and deployers, phasing in from February 2025.

The cost of the gap: 63 percent of organisations have no AI governance policy, and ungoverned AI use adds real breach cost.