Getting Started on Asenion AI Risk Navigator
1. Purpose
The AI Risk Navigator (formerly Anch.AI platform) helps organizations structure and manage AI risk across their ecosystem. It enables admins to create and manage use cases, assign responsibilities, and track responses, while responders provide input and evidence. Reports consolidate progress, risk status, and accountability.
Role-Based Access
| Role | Permissions | Responsibilities |
|---|---|---|
| Admin/Owner | - Enter EDIT mode to configure ecosystem - Add stakeholders & organizational units - Create AI use cases - Assign responders - Answer questionnaires (self-assignable) - Review submissions - Generate reports | Oversee risk management process, ensure ecosystem is complete, validate responses, and report on overall AI risk posture. |
| Responder | - Access assigned use cases - Answer questionnaires - Upload evidence - Resubmit after revisions | Provide accurate responses and documentation for assigned AI use cases. |
Example User Journey
- Admin/Owner enters EDIT mode → adds stakeholders and organizational units.
- Admin/Owner creates a new AI use case → defines metadata and risk scope.
- Admin/Owner assigns questionnaire tasks to Responders.
- Responder completes assigned questionnaires → uploads evidence.
- Admin/Owner reviews responses → requests revisions if needed.
- Admin/Owner finalizes responses → generates risk reports for internal or external stakeholders.
Key Benefits
- Simplicity: Only two roles keep the workflow lightweight.
- Structured Governance: Ecosystem setup ensures accountability by unit and stakeholder.
- Traceability: All questionnaires and responses linked to specific use cases.
- Visibility: Reports provide a clear overview of AI risk status across the organization.
Getting Started on Asenion AI Compliance Monitor
Purpose
The AI Compliance Monitor (formerly Fairly AI platform) enables organizations to configure, register AI use cases, review governance assignments, track, review, audit, and approve AI compliance activities with full accountability. The workflow now includes an AI Governance Owner who ensures correct oversight before the compliance workflow begins.
Role-Based Access
| Role | Permissions | Responsibilities |
|---|---|---|
| Platform Admin | - Manage accounts & roles - Configure policy/assurance packs - Set workflows - Control access rights | Ensure system governance and alignment with frameworks. |
| Project Owner | - Register new AI project for their team - | Ensure their team’s AI use cases are properly registered. |
| Project Lead (e.g. AI Governance Lead) | - Review AI project registration - Validate policy/assurance pack assignments - Confirm inherent risk tier - Assign responders | Provide governance oversight, ensure correct risk classification, and assign compliance workflow. |
| Responder (tech and non-tech) | - Create/edit responses - Upload evidence for policy assessments or Configure APIs for assurance testing - Resubmit after revisions | Provide initial responses to compliance findings and supporting documentation. |
| Reviewer | - View responder submissions - Comment/request changes - Forward to approver | Validate accuracy and completeness of responses. |
| Approver | - Approve/reject/escalate - Lock records for approval stage | Provide sign-off that responses meet compliance and regulatory expectations. |
| Internal Auditor | - Review approved records - Conduct independent audits - Flag exceptions | Provide assurance of objectivity, enforce adherence to standards, and support external audit readiness. |
| External Auditor | - Audit as an external auditor with view only access and ability to comment. | An external auditor for AI governance plays a similar role to what they do in financial audits or cybersecurity audits, but with a focus on trust, risk, and compliance in AI systems. |
| System | - Auto-assign tasks - Log immutable audit trails - Send notifications | Enforce workflow rules and accountability. |
Example User Workflow
-
Platform Admin sets up roles, approve policy packs and assurance packs, organizational risk thresholds and user permissions.
-
AI Project Owner across organization registers a new AI system (e.g., AI Sentiment Analysis model) → provides metadata.
-
AI Project (Governance) Owner reviews use case registration → validates policy and assurance packs applied to the use case → assigns responders.
-
Non-technical Responder receives assigned assessment (Policy Packs) → drafts response with evidence. Technical Responder receives assigned assessment (Assurance Packs) → set up configs and APIs for testing or sending test results.
-
Reviewer checks submission → sends back for revision or forwards to approver.
-
Approver validates and approves.
-
Internal Auditor independently reviews evidence, approval and compliance record.
-
External Auditor independently reviews evidence, approval and compliance record.
-
AI Compliance Monitor closes the workflow and records full audit trail.
Key Benefits
-
Expanded Oversight: Introduces governance review before compliance tasks begin.
-
Controlled Risk Management: AI Governance Owner ensures correct classification and assignment.
-
Audit-Ready Lifecycle: Logs setup, use case registration, governance, responses, approvals, and audits.
-
Segregation of Duties: Clear responsibilities for admins, product owners, governance, responders, reviewers, approvers, and auditors.
-
Scalable & Flexible: Supports multiple use cases with tailored governance and compliance tracks.