Tier 1
Basic AI Risk Assessment
From £750 · 5–7 Working Days
A full audit of your AI tool usage mapped across six frameworks (seven for recruitment clients, including the Equality Act 2010 and EHRC AI guidance). Identifies every active compliance failure and delivers a clear, prioritised action plan for your business.
What's Included
01
AI Tool Inventory
We document every AI tool in use across your business — by department, by function, and by the data each tool touches. Businesses typically discover tools they weren't aware staff were using.
02
EU AI Act Risk Classification
Each tool in your inventory is classified against the EU AI Act's four-tier risk hierarchy: Unacceptable Risk, High Risk, Limited Risk, Minimal Risk. As a deployer, you carry distinct obligations at each tier. Prohibited applications are flagged immediately. AI literacy (Article 4) applies now; high-risk deployer obligations are phased in from December 2027.
03
OWASP LLM Top 10 (2025) Assessment
All 10 vulnerability categories assessed against your current tool usage and deployment. Includes prompt injection, improper output handling (LLM05), sensitive information disclosure, and data and model poisoning risks.
04
NIST AI RMF & NIST CSF 2.0 Maturity Snapshot
A rapid maturity assessment across NIST AI RMF's four functions (GOVERN, MAP, MEASURE, MANAGE) and NIST CSF 2.0's six functions. Establishes your current baseline and identifies the highest-priority gaps.
05
GRC Posture Overview
Governance, Risk, and Compliance assessed and scored across your current AI usage. Identifies structural gaps in oversight, accountability, and control that create organisational exposure.
06
UK GDPR & Data (Use and Access) Act 2025 Compliance Snapshot
A targeted review of your AI-related compliance position under UK GDPR and the Data (Use and Access) Act 2025 (DUAA). DUAA replaced Article 22 UK GDPR with new Articles 22A to 22D, in force since 5 February 2026, requiring safeguards (notice, representations, human intervention, contest) for AI-influenced significant decisions. Includes lawful basis assessment, DPIA requirement identification, and ADM compliance.
07
Full Risk Register
Every identified risk documented with: risk description, relevant framework, severity rating, likelihood, business impact, and the specific immediate action required to remediate. Every finding includes at least one free action you can take this week.
08
Prioritised Remediation Roadmap
All findings organised into three action horizons: This Week (zero-cost immediate actions), 30 Days (quick-win implementations), and 90 Days (strategic compliance investments).
09
Dual Sign-Off: CEO & CTO
Every Basic Assessment is independently reviewed and signed by our CEO (Rowan Money, commercial delivery and client engagement) and CTO (Govend Abdul-Hameed, technical validation and framework accuracy). Two expert perspectives in one report.
10
One-Page Executive Summary
A board-ready single page presenting your overall risk rating, top three priority findings, and the single most important action to take immediately. Designed to be shared with directors, investors, or compliance leads without requiring them to read the full report.
11
Transparent 5x5 Risk Scoring Methodology
Every risk in your register is scored out of 25 using a defined 5x5 matrix: five likelihood levels multiplied by five impact levels, each with explicit anchors. Scores are never subjective. You receive the scoring matrix alongside every finding so you can challenge, verify, and track changes over time.
Turnaround
5–7 working days from completion of your discovery call.
QuaZarR Security provides risk assessment and guidance, not legal advice.