AI accountability

Maintain audit and assurance readiness.

HumanWox helps governance teams maintain the records, reviews, evidence and decisions required for ISO/IEC 42001 and ongoing assurance across their AI systems.

14-day trialNo credit cardData hosted in the UK
HumanWox / Register
4 systems
AI systemOwnerRiskLifecycle
Underwriting AssistantR. PatelHighIn production
Claims Triage ModelM. OwenHighIn production
Fraud Signal ScoringS. AhmedLimitedIn review
Broker CopilotJ. ByrneLimitedPiloting
Attention required
  • Evidence expires in 6 days
    Underwriting Assistant
  • Control test overdue
    Claims Triage Model
  • Deployment approval pending
    Broker Copilot
Always current
Records maintained as systems, risks and controls change.
Named ownership
Every system tied to accountable business, technical and risk owners.
Evidence-backed
Controls linked to signed, timestamped and reviewable evidence.
Assurance-ready
Framework overlays and shareable reports for ISO 42001 and beyond.
01 / Establish

Assign business, technical and risk ownership.

Register each AI system with its purpose, classification and lifecycle status. Assign the people accountable for it: a business owner, a technical owner and a risk owner, together with the reviewers responsible for oversight.

Leadership and auditors can see which systems are governed and who holds responsibility for each.

Systems / Underwriting Assistant
High riskv3.2
Purpose
Assist underwriters with risk pricing recommendations for commercial motor policies.
Lifecycle
In production, monitored monthly
Classification
High risk under Annex III, insurance pricing
Parent system
Underwriting Platform
Owners
Business owner
R. Patel
Head of Underwriting
Technical owner
A. Nakamura
Lead ML Engineer
Risk owner
S. Ahmed
Model Risk Manager
Reviewers
  • D. Cole, Responsible AI LeadQuarterly
  • L. Fernández, Internal AuditAnnually

System profile. Ownership, classification and reviewers on the record.

02 / Maintain

Keep every system current.

Keep the whole portfolio current as systems change: evidence maintained, controls tested on cadence, reviews run and risks treated across every system. The record flags what is due for review before it lapses, so nothing goes stale unnoticed.

Two facts worth stating plainly: evidence reaches Approved only once it is mapped to a requirement, and a reviewer cannot sign off work they own.

01Draft

Authored by the control owner against the AI system it supports.

A. Nakamura3 Apr
02Submitted

Submitted for review, mapped to Control C-08 and a requirement it addresses.

A. Nakamura5 Apr
03Under review

An independent reviewer verifies the mapping. Reviewers cannot sign off work they own.

D. Cole8 Apr
04Approved

Approved only once mapped to a requirement. Hash, version and review date recorded.

D. Cole10 Apr
Obligations, due for review
5 open
  • Control testBias review, Q2in 4 days
  • Evidence reviewModel Test Report v4in 6 days
  • DecisionDeployment approvaloverdue by 2 days
  • Risk treatmentData drift assessmentin 11 days
  • Evidence reviewData Governance Policyin 21 days
Principle
What audit and assurance actually require

Audit readiness is maintained through a governance record that connects each AI system to its accountable owners, applicable risks and controls, supporting evidence and decision history.

Continuous
Kept current as systems, risks and controls change.
Attributable
Every entry linked to a named owner and reviewer.
Verifiable
Signed, timestamped and independently checkable.
03 / Demonstrate

Make governance verifiable.

Produce a report the auditor, the customer and the board can each rely on, drawn from the same record. Every assurance report is signed and independently timestamped, and the reader verifies it themselves at verify.humanwox.com with no login and no account.

Framework coverage is calculated from the risks, controls and evidence the team already maintains, and shows gaps honestly rather than a flattering percentage.

Assurance report
Underwriting Assistant, as of 10 Apr 2026
Scope
Systems, risks, controls, evidence, decisions
Signed by
HumanWox, on behalf of the organisation
Timestamp
eIDAS advanced, 10 Apr 2026 14:22 UTC
Manifest
sha-256 · 9c1a…f8d2
Verify at
verify.humanwox.com/r/UA-2026-04
No login required. Anyone with the link can verify the signature and timestamp.
Framework coverage, ISO/IEC 42001
Live catalogue
  • Clause 4, Context
    8 covered1 partial0 gap
  • Clause 5, Leadership
    5 covered2 partial0 gap
  • Clause 6, Planning
    6 covered1 partial2 gap
  • Clause 7, Support
    9 covered2 partial1 gap
  • Clause 8, Operation
    11 covered3 partial2 gap
  • Clause 9, Evaluation
    4 covered2 partial1 gap
  • Clause 10, Improvement
    3 covered1 partial0 gap
EU AI Act catalogue also live. Unknowns read as gaps, never as flattering percentages.
04 / Extend

Identify unregistered AI use.

Discover the AI systems in use, including those never registered, through identity-provider scanning and attestation campaigns, and bring them onto the record.

External systems can post events in through an authenticated API, so new AI activity surfaces as work rather than going unnoticed.

Discovered, awaiting registration
4 items
  • IdP scan
    GitHub Copilot for Engineering
    142 users
  • Attestation
    Sales-side pricing script
    Declared by 3 teams
  • Events API
    Claims summarisation prototype
    Posted by MLOps
  • IdP scan
    Notion AI, workspace-wide
    318 users

Discovery surfaces new AI activity as work, not as noise.

Register your AI systems and start the record.

Register each system, assign its business, technical and risk owners, and begin maintaining the evidence, reviews and decisions required for audit and assurance.

14-day trialFull access, no limits
No credit card requiredCancel any time
UK hostedISO 27001 ready
Stay informed

Practical intelligence for AI governance teams.

Monthly analysis of audit readiness, assurance requirements, governance failures and the operating practices emerging across the field.

Direct to inbox. No spam. Unsubscribe anytime.