S.C.A.L.E.™ Diagnostic

Do you actually know how well your AI is governed?

Most organisations are adopting AI faster than they are governing it. Ownership is unclear, evidence is scattered, and when a board or regulator asks for proof, nobody has one view. The Governance Confidence Score gives you that view in 25 questions: a 100-point score computed directly from your answers, so a CEO understands it in 30 seconds and an auditor can trace every point.

Five domains, 20 points each.

Each domain asks one question and checks five controls. Every control is answered No (0), Partially (2), or Yes (4), and each is mapped to ISO/IEC 42001, the NIST AI RMF, or the EU AI Act, so the score has an auditable basis rather than a vibe.

S

System Inventory

Do you know every AI system operating in your organisation?

  • S1A complete AI inventory exists
  • S2Every AI system has a defined business purpose
  • S3Every AI system has a named owner
  • S4Vendors and suppliers are recorded
  • S5The inventory is reviewed every quarter

C

Control & Classify

Do you understand which AI systems present the greatest risk?

  • C1Every AI system has a documented risk assessment
  • C2AI systems are classified by risk level
  • C3Personal data usage has been identified
  • C4Human impact has been assessed
  • C5Governance controls match the level of risk

A

Assign Accountability

Does every AI system have someone accountable for its use?

  • A1An executive sponsor is assigned
  • A2A business owner is assigned
  • A3A technical owner is assigned
  • A4Human oversight is defined
  • A5An AI governance committee exists

L

Leverage Responsibly

Are employees using AI safely and responsibly?

  • L1An AI policy is published
  • L2Staff are trained on AI use
  • L3Prompting and data-handling guidance is available
  • L4AI incidents can be reported
  • L5AI usage is reviewed regularly

E

Evidence & Assurance

Can you prove your AI governance to a regulator, customer, or board?

  • E1Governance evidence is documented
  • E2An audit trail is maintained
  • E3The board receives AI governance reports
  • E4Governance documentation is current
  • E5A governance improvement plan exists

What you get back.

A worked example. The score below is computed by the same engine that scores real assessments; the narrative, priority actions, and 90-day roadmap are generated around it, never the other way round.

Illustrative sample · Governance Confidence Score

68/100

Managed

S

System Inventory

18/20

C

Control & Classify

14/20

A

Assign Accountability

10/20

L

Leverage Responsibly

14/20

E

Evidence & Assurance

12/20

Executive summary

This organisation knows what AI it runs and has begun classifying risk, which places it ahead of most mid-market firms. The weak links are ownership and evidence: most systems lack a named executive sponsor, the governance committee is informal, and board reporting is occasional. None of these require new technology to fix. With named owners, a standing committee, and a quarterly evidence pack, a Trusted rating is achievable within two quarters.

Establish ownership

Weeks 1–4

  • Name executive, business, and technical owners for each system in the inventory.
  • Approve a one-page committee charter and book the quarterly cycle.

Close the classification gaps

Weeks 5–8

  • Extend risk assessment and human-impact review to the remaining systems.
  • Map each system’s controls to its risk tier and record the exceptions.

Build the evidence rhythm

Weeks 9–12

  • Assemble the first board assurance pack from the audit trail.
  • Publish the governance improvement roadmap and assign each action an owner.

How to read a score.

020CriticalAI is being used with little or no governance. Immediate action is required.
2140High RiskSome governance activities exist, but major weaknesses expose the organisation to operational, legal, and reputational risk.
4160DevelopingCore governance foundations are in place. Significant improvements are still required before governance is reliable.
6180ManagedGovernance is operating effectively. The priority is strengthening consistency, evidence, and oversight.
81100TrustedGovernance is mature, evidence-based, and ready for board, customer, regulator, or auditor scrutiny.

Then the platform does the work.

The score tells you where you stand. The Regis platform closes the gaps it finds: upload your policies for a compliance gap analysis, draft the missing policy language, track findings to sign-off, and keep the evidence trail a board or auditor will ask for. Re-assess each quarter and watch the score move.

Want a guided run with your leadership team? Talk to us about a guided S.C.A.L.E. Sprint.

The Governance Confidence Score is a structured self-assessment. Controls are mapped to ISO/IEC 42001, the NIST AI RMF, and the EU AI Act; a score is not a certification against any of them, and nothing here is legal advice. Outputs stay draft until reviewed by a qualified professional.