DISC InfoSec
AI Governance · ISO 42001 · NIST AI RMF
Audit-Ready Practitioner-Built v1.0
CISO Edition · Tool Evaluation Scorecard

Know if your AI security stack actually reduces risk — or just looks good in demos.

Most teams buy AI security tools the same way they buy compliance posters: by feature checklist. Then audit hits. Controls aren't mapped. Detections aren't evidenced. The tool detected prompt injection in a sandbox — but no one can prove it works against your traffic, on your models, with your data. This scorecard puts your tool through the questions an assessor will ask.

  • 20 audit-aligned questions
  • 5× risk & control domains
  • 2 frameworks mapped: NIST AI RMF · ISO 42001
01 / Context

Tell us what you're evaluating.

Tool name, vendor, and your deployment context shape what "good" looks like. A guardrail layer for an internal copilot has a different bar than one fronting customer-facing chat.

ISO 42001
NIST AI RMF
EU AI Act
ISO 27001
SOC 2
HIPAA
PCI DSS
FedRAMP
02 / Assessment

Twenty questions an assessor would ask.

Each answer is weighted by audit impact. "Don't know" counts as a gap — assessors don't accept "we'd have to ask the vendor."

03 / Unlock Report

Your assessment is complete.

Add five details to unlock your maturity score, generate the PDF and detailed text report, and send a copy to DISC InfoSec for a practitioner follow-up. Business email only — we send the report there.

  • Maturity score & band
  • 4-page PDF report (instant)
  • Detailed text report w/ remediation
  • Top 5 priority gaps, ranked
  • NIST AI RMF + ISO 42001 mappings
  • Practitioner reply < 24h
Personal domains (gmail, yahoo, hotmail, outlook) not accepted.
Report delivered to hd@deurainfosec.com · No newsletter spam · Practitioner reply within 24h
04 / Verdict

Your audit-readiness reading.

Score, risk exposure, top 5 gaps, and the controls those gaps map to. This is the snapshot you'd hand to your auditor — minus the bad surprises.

Report Generated
Your scorecard is ready.

Domain Coverage
Where you're strong, where you're exposed.
Risk Exposure Snapshot
Per-domain residual risk after this tool.
    Top 5 Priority Gaps

    Want to walk through this with the practitioner who built it?

    30 minutes with DISC — CISSP, ISO 42001 LI, active implementer at a financial-services data room. We'll prioritize your top gaps against your audit timeline and identify which ones need vendor pressure vs. compensating controls.

    (707) 998-5164 · www.deurainfosec.com