Sample Evidence Pack preview
Sample Evidence Pack for AI/security questionnaires
This page shows an anonymized Evidence Pack structure. It is not a certification, audit or legal assessment. The goal is to show the logic: question → suggested answer → evidence → limitation.
Questionnaire examples
| Question | Status | Evidence | Limitation |
|---|---|---|---|
| Do you maintain an AI usage policy? | Ready | policy_current.md | Shows policy existence, not every employee action. |
| Can you prove employee acknowledgement? | Ready | policy_ack_summary.csv | Summary of acknowledgements in the covered scope. |
| Do employees receive safe AI use training? | Ready | training_coverage_summary.csv | Shows training coverage, not an AI Act legal assessment. |
| Do you maintain an AI tools inventory? | Ready | ai_tools_inventory_snapshot.csv | Snapshot at export time. |
| Are tools approved, restricted or prohibited? | Partial | ai_tools_inventory_snapshot.csv | Depends on review completion for each tool. |
| Do you define rules for customer/confidential data? | Ready | policy_current.md | Shows policy rules, not independent verification of all data flows. |
| Do you maintain an AI risk baseline? | Ready | risk_baseline_summary.csv | Baseline is not an enterprise risk assessment. |
| Do you keep an audit trail? | Ready | audit_digest.csv | Captures selected governance actions. |
| Is the Evidence Pack PII-minimized? | Ready | manifest.json, limitations.md | Minimizes unnecessary personal data, not zero PII in every context. |
| Do you automatically detect Shadow AI? | Missing | — | Shadow AI intake is a reporting workflow, not automatic detection. |