S.C.A.L.E.™ Diagnostic
Do you actually know how well your AI is governed?
Most organisations are adopting AI faster than they are governing it. Ownership is unclear, evidence is scattered, and when a board or regulator asks for proof, nobody has one view. The Governance Confidence Score gives you that view in 25 questions: a 100-point score computed directly from your answers, so a CEO understands it in 30 seconds and an auditor can trace every point.
Five domains, 20 points each.
Each domain asks one question and checks five controls. Every control is answered No (0), Partially (2), or Yes (4), and each is mapped to ISO/IEC 42001, the NIST AI RMF, or the EU AI Act, so the score has an auditable basis rather than a vibe.
S
System Inventory
Do you know every AI system operating in your organisation?
- S1A complete AI inventory exists
- S2Every AI system has a defined business purpose
- S3Every AI system has a named owner
- S4Vendors and suppliers are recorded
- S5The inventory is reviewed every quarter
C
Control & Classify
Do you understand which AI systems present the greatest risk?
- C1Every AI system has a documented risk assessment
- C2AI systems are classified by risk level
- C3Personal data usage has been identified
- C4Human impact has been assessed
- C5Governance controls match the level of risk
A
Assign Accountability
Does every AI system have someone accountable for its use?
- A1An executive sponsor is assigned
- A2A business owner is assigned
- A3A technical owner is assigned
- A4Human oversight is defined
- A5An AI governance committee exists
L
Leverage Responsibly
Are employees using AI safely and responsibly?
- L1An AI policy is published
- L2Staff are trained on AI use
- L3Prompting and data-handling guidance is available
- L4AI incidents can be reported
- L5AI usage is reviewed regularly
E
Evidence & Assurance
Can you prove your AI governance to a regulator, customer, or board?
- E1Governance evidence is documented
- E2An audit trail is maintained
- E3The board receives AI governance reports
- E4Governance documentation is current
- E5A governance improvement plan exists
What you get back.
A worked example. The score below is computed by the same engine that scores real assessments; the narrative, priority actions, and 90-day roadmap are generated around it, never the other way round.
Illustrative sample · Governance Confidence Score
68/100
Managed
System Inventory
18/20
Complete visibility
Control & Classify
14/20
Risk is actively managed
Assign Accountability
10/20
Ownership exists but is inconsistent
Leverage Responsibly
14/20
Responsible AI practices established
Evidence & Assurance
12/20
Evidence supports governance activities
Executive summary
This organisation knows what AI it runs and has begun classifying risk, which places it ahead of most mid-market firms. The weak links are ownership and evidence: most systems lack a named executive sponsor, the governance committee is informal, and board reporting is occasional. None of these require new technology to fix. With named owners, a standing committee, and a quarterly evidence pack, a Trusted rating is achievable within two quarters.
Establish ownership
Weeks 1–4
- Name executive, business, and technical owners for each system in the inventory.
- Approve a one-page committee charter and book the quarterly cycle.
Close the classification gaps
Weeks 5–8
- Extend risk assessment and human-impact review to the remaining systems.
- Map each system’s controls to its risk tier and record the exceptions.
Build the evidence rhythm
Weeks 9–12
- Assemble the first board assurance pack from the audit trail.
- Publish the governance improvement roadmap and assign each action an owner.
How to read a score.
Then the platform does the work.
The score tells you where you stand. The Regis platform closes the gaps it finds: upload your policies for a compliance gap analysis, draft the missing policy language, track findings to sign-off, and keep the evidence trail a board or auditor will ask for. Re-assess each quarter and watch the score move.
Want a guided run with your leadership team? Talk to us about a guided S.C.A.L.E. Sprint.
The Governance Confidence Score is a structured self-assessment. Controls are mapped to ISO/IEC 42001, the NIST AI RMF, and the EU AI Act; a score is not a certification against any of them, and nothing here is legal advice. Outputs stay draft until reviewed by a qualified professional.