Getting Started on Asenion AI Governance Platform
Purpose
The Asenion AI Governance Platform (formerly Fairly AI platform) enables organizations to configure, register AI use cases, review governance assignments, track, review, audit, and approve AI compliance activities with full accountability. The workflow now includes an AI Governance Owner who ensures correct oversight before the compliance workflow begins.
The former Anch.AI platform is now part of Asenon AI Governance Platform - AI Risk Intelligence 360.
Role-Based Access
| Role | Permissions | Responsibilities |
|---|---|---|
| System Admin | - At the System level (do not have priviledges to see Org level) Manage accounts & roles - Configure policy/assurance packs - Set workflows - Control access rights | Ensure system governance and alignment with frameworks. |
| Org Admin | - At the Organization or Organization Unit level (do not have priviledges to see System level) Manage accounts & roles - Configure policy/assurance packs - Set workflows - Control access rights | Ensure system governance and alignment with frameworks. |
| Super Admin | - You must explicitly assign user to both System Admin and Org Admin to become a Super Admin with all the priviledges of the respective admin roles. | |
| Project Owner | - Register new AI project for their team - | Ensure their team’s AI use cases are properly registered. |
| Project Lead (e.g. AI Governance Lead) | - Review AI project registration - Validate policy/assurance pack assignments - Confirm inherent risk tier - Assign responders | Provide governance oversight, ensure correct risk classification, and assign compliance workflow. |
| Responder (tech and non-tech) | - Create/edit responses - Upload evidence for policy assessments or Configure APIs for assurance testing - Resubmit after revisions | Provide initial responses to compliance findings and supporting documentation. |
| Reviewer | - View responder submissions - Comment/request changes - Forward to approver | Validate accuracy and completeness of responses. |
| Approver | - Approve/reject/escalate - Lock records for approval stage | Provide sign-off that responses meet compliance and regulatory expectations. |
| Internal Auditor | - Review approved records - Conduct independent audits - Flag exceptions | Provide assurance of objectivity, enforce adherence to standards, and support external audit readiness. |
| External Auditor | - Audit as an external auditor with view only access and ability to comment. | An external auditor for AI governance plays a similar role to what they do in financial audits or cybersecurity audits, but with a focus on trust, risk, and compliance in AI systems. |
| System | - Auto-assign tasks - Log immutable audit trails - Send notifications | Enforce workflow rules and accountability. |
Example User Workflow
-
Platform Admin sets up roles, approve policy packs and assurance packs, organizational risk thresholds and user permissions.
-
AI Project Owner across organization registers a new AI system (e.g., AI Sentiment Analysis model) → provides metadata.
-
AI Project (Governance) Owner reviews use case registration → validates policy and assurance packs applied to the use case → assigns responders.
-
Non-technical Responder receives assigned assessment (Policy Packs) → drafts response with evidence. Technical Responder receives assigned assessment (Assurance Packs) → set up configs and APIs for testing or sending test results.
-
Reviewer checks submission → sends back for revision or forwards to approver.
-
Approver validates and approves.
-
Internal Auditor independently reviews evidence, approval and compliance record.
-
External Auditor independently reviews evidence, approval and compliance record.
-
AI Compliance Monitor closes the workflow and records full audit trail.
Key Benefits
-
Expanded Oversight: Introduces governance review before compliance tasks begin.
-
Controlled Risk Management: AI Governance Owner ensures correct classification and assignment.
-
Audit-Ready Lifecycle: Logs setup, use case registration, governance, responses, approvals, and audits.
-
Segregation of Duties: Clear responsibilities for admins, product owners, governance, responders, reviewers, approvers, and auditors.
-
Scalable & Flexible: Supports multiple use cases with tailored governance and compliance tracks.