Governance as a Service
Outsource your AI governance. Keep your speed.
For institutions that need defensible AI governance but don't want to build the function from scratch. We run the operating model, the vendor assessments, the contracts, the Microsoft Purview rollout — and the regulator engagement — while you focus on the AI you're shipping. Delivered from Johannesburg, serving clients globally.
EU AI ActNIST AI RMFISO/IEC 42001POPIA · GDPRFSCA · FCA · ICOMicrosoft Purview
What we run for you
Six pillars · one accountable team.
AI Governance Operating Model
- Establish your AI governance committee, charter and decision rights
- Define roles aligned to ISO/IEC 42001 (AI Management System)
- Align internal policy to EU AI Act, NIST AI RMF, FSCA, FCA, POPIA, GDPR
- Stand up an AI inventory inside Altara Core — populated for you
Third-Party AI Vendor Assessments
- Assess every AI vendor against a 60-point governance scorecard
- Pull model cards, system cards, DPIAs and audit reports — we chase them
- Risk-tier each vendor (EU AI Act prohibited / high / limited / minimal)
- Issue a regulator-ready vendor file with NAVI's continuous monitoring on top
AI Contracts & Clauses
- Draft and negotiate EU AI Act Article 28 deployer-obligation clauses
- Right-to-audit, data-residency, model-change-notification, kill-switch clauses
- POPIA, GDPR and FSCA-aligned data processing addenda
- Standing playbook for renewals, breach notification and exit triggers
Microsoft Purview Implementation
- Discovery, design and deployment of Microsoft Purview for AI governance
- Sensitivity labels, DLP, Insider Risk and AI Hub configuration
- Integrate Purview signals into Altara Core's risk telemetry
- Knowledge transfer to your in-house teams once we exit
AI Policy, Standards & Training
- Acceptable-use, model-risk-management, generative-AI and HITL policies
- Board, executive and engineering training tracks
- Plain-language ‘what good looks like’ guidance per business unit
- Continuous policy refresh — quarterly, regulator-driven
Regulator Engagement & Audit Readiness
- Pre-examination preparation — FSCA, FCA, ICO, EU AI Office, SEC
- Annex IV technical files, post-market monitoring plans, transparency notices
- Walk-throughs and tabletop exercises with your compliance team
- We sit beside you on the call when it matters
How we deliver
From kickoff to "regulator-ready" — measured in weeks, not quarters.
01 · Diagnose
Two-week onboarding sprint: AI inventory, regulatory exposure, current-state vs target-state maturity score.
02 · Design
Operating model, policy stack and Altara Core tenant configured to your jurisdictions, frameworks and risk appetite.
03 · Deliver
We run the day-to-day — vendor assessments, contract reviews, Purview rollout, training — with our team embedded into yours.
04 · Defend
Audit-ready evidence on tap. NAVI keeps the governance file warm so any regulator request is a one-click export.
For financial services
Banks, insurers, asset managers and fintechs that need AI policy, vendor governance and supervisory engagement — without hiring a 12-person team.
For regulated enterprises
Telcos, energy, healthcare and government suppliers where Microsoft Purview and AI policy must be lived in the data plane — not on a SharePoint.
For AI-first companies
Scale-ups deploying their own AI products that need ISO/IEC 42001-aligned governance to win enterprise deals and regulator engagements.
Have a question?
Tell us where you'd like a regulator to land — we'll show you the path.
A 30-minute scoping call is free. After that, we agree a fixed-fee onboarding sprint and a monthly managed-service plan that fits your risk appetite.
