
CODITECT AI Risk Management Framework

Enterprise-grade AI governance framework aligned with NIST AI RMF 2.0, EU AI Act, and ISO/IEC 42001.

Overview

This framework provides comprehensive policies, standards, and operational guidance for responsible AI development, deployment, and management.

Framework at a Glance

| Attribute | Details |
|---|---|
| Version | 2.1 (Enhanced) |
| Documents | 25 integrated artifacts |
| Compliance Coverage | NIST AI RMF 2.0, EU AI Act, ISO/IEC 42001 |
| Target Audiences | SMB and Enterprise organizations |
| Status | Production-ready |

Document Portfolio

Core Governance Documents (01-10)

| # | Document | Purpose |
|---|---|---|
| 01 | AI Governance Operating Model | Governance structure, bodies, lifecycle |
| 02 | AI Risk Governance Charter | Authority, mandate, decision rights |
| 03 | AI Risk Classification Matrix | 4-tier risk scoring system |
| 04 | AI Intake Registration Form | AI system registration |
| 05 | Enterprise AI Policy Standard | Rules, prohibitions, standards |
| 06 | AI System Card Template | Technical documentation |
| 07 | Algorithmic Impact Assessment | Deep risk assessment (FRIA) |
| 08 | Implementation Plan 30-60-90 | Phased rollout roadmap |
| 09 | GenAI Governance Addendum | LLM and agentic AI controls |
| 10 | Executive Summary | Leadership overview |

Extended Compliance Documents (11-25)

| # | Document | Purpose |
|---|---|---|
| 11 | Gap Analysis 2025 Compliance | Compliance verification |
| 12 | CODITECT Impact Analysis | Platform application |
| 13 | AI-BOM Template | AI Bill of Materials |
| 14 | GPAI Compliance Framework | EU AI Act GPAI requirements |
| 15 | Third-Party AI Risk Management | Vendor/supply chain |
| 16 | Continuous Monitoring Standard | Operational monitoring |
| 17 | SMB Quick-Start Guide | Simplified implementation |
| 18 | ISO 42001 Alignment Matrix | Certification mapping |
| 19 | Board Presentation Outline | Executive presentation |
| 20 | Training Program Curriculum | Staff training |
| 21 | Vendor Contract Clause Library | Contract templates |
| 22 | Healthcare FDA Industry Appendix | Healthcare/FDA specifics |
| 23 | Audit Evidence Checklist | Audit preparation |
| 24 | Worked Examples & Sample Templates | Filled-out template examples |
| 25 | Finance Industry Appendix | Banking/insurance/securities |

Regulatory Compliance

EU AI Act Timeline Readiness

| Deadline | Requirement | Framework Coverage | Status |
|---|---|---|---|
| Feb 2, 2025 | Prohibited AI practices | Policy 3.1 | Ready |
| Aug 2, 2025 | GPAI transparency | Doc 14 | Ready |
| Aug 2, 2025 | AI literacy requirements | Doc 08, 3.2 | Ready |
| Aug 2, 2026 | High-risk AI conformity | Full framework | Ready |
| Aug 2, 2027 | Legacy system compliance | Transition guidance | Ready |

Standards Alignment

| Standard | Coverage |
|---|---|
| NIST AI RMF 2.0 | 98% (GOVERN, MAP, MEASURE, MANAGE) |
| EU AI Act | 98% |
| ISO/IEC 42001 | 95% (36/38 Annex A controls) |
| OWASP LLM Top 10 | 95% |
| SPDX 3.0 AI Profile | 95% |

Quick Start

For SMBs

Start with 17-smb-quick-start-guide.md for a streamlined implementation path.

For Enterprises

Begin with 10-executive-summary.md, then follow the phased roadmap in 08-implementation-plan-30-60-90.md.

For Healthcare Organizations

Review 22-healthcare-fda-industry-appendix.md for FDA-specific requirements.

For Financial Services

Review 25-finance-industry-appendix.md for SR 11-7, fair lending, and securities requirements.

Looking for Examples?

Start with 24-worked-examples-sample-templates.md for complete filled-out examples across risk tiers.

Getting Started

# Clone with CODITECT ecosystem
git clone https://github.com/coditect-ai/coditect-ai-risk-management-framework.git
cd coditect-ai-risk-management-framework

# Review executive summary
cat docs/framework/10-executive-summary.md

Integration with CODITECT

This framework integrates with the CODITECT AI development platform:

  • Automated Compliance Checks: Framework rules enforced via CODITECT hooks
  • AI System Cards: Auto-generated from code analysis
  • Risk Classification: Automated based on system characteristics
  • Audit Trail: Full traceability via CODITECT context management

License

Copyright (c) 2026 AZ1.AI INC. All rights reserved.


Repository: coditect-ai-risk-management-framework
Parent Organization: coditect-ai
Owner: AZ1.AI INC | Lead: Hal Casteel