Governance¶
Pages for the audience that owns the AI governance program: CISO, Chief AI Officer, Chief Risk Officer, Head of Model Risk, 2nd Line of Defence, and Internal Audit. The developer-first sections elsewhere stay the runtime truth; this section is the program layer.
New to Regulus? Start at Why Regulus for the framing, then come back here.
If you've not read Concepts → What is AI governance? and Concepts → What is GRC? yet, do so first. Pages here lean on that vocabulary.
What lives in this section¶
- Frameworks — how Regulus maps to NIST AI RMF (1.0 + GenAI Profile + Agent Interop Profile), ISO/IEC 42001, ISO/IEC 23894, ISO/IEC 23053.
- Three Lines of Defence — how Regulus serves 1L (engineering), 2L (risk + compliance), 3L (internal audit).
- GRC integration — pluggable adapters that fan Regulus evidence into ServiceNow IRM, OneTrust AI Governance, MetricStream, or a generic webhook receiver.
- Evidence schema — the canonical
GrcEvidenceEnvelopethat all adapters emit. - Program operating model — RACI for an AI governance program with Regulus underneath.
What Regulus is in one diagram¶
┌────────────────────────────────┐
│ Your AI governance │
│ program (off-Regulus) │
│ policy / risk / audit / etc. │
└────────────────────────────────┘
▲
│ evidence flow
│ (GrcEvidenceEnvelope)
│
┌──────────────────┐ ┌───────┴────────┐ ┌──────────────────┐
│ ServiceNow IRM │◄──────┤ Regulus GRC │──────►│ OneTrust / │
│ │ │ adapters │ │ MetricStream / │
└──────────────────┘ └───────┬────────┘ │ Webhook │
│ └──────────────────┘
│
▼
┌──────────────────────────────────────┐
│ Regulus plugins on ADK App │
│ policy / privacy / audit / kill │
│ switch / model risk / residency │
└──────────────────────────────────────┘
│
▼
┌──────────────────────────────────────┐
│ Google ADK 1.x application │
└──────────────────────────────────────┘
Two layers downstream of your program: Regulus enforces controls at runtime; Regulus' adapters fan evidence back upstream into the GRC tool your program already uses.