Tier 2

Full AI Security Review

From £2,500 · 7–10 Working Days

Board-ready. Legally structured. Comprehensive. The Full AI Security Review is a 16-section deep-dive assessment — everything in the Basic, expanded to full framework depth, plus MITRE ATLAS adversarial threat mapping, a complete DPA audit, and a ready-to-issue 13-clause Staff AI Usage Policy.

Includes Everything in Basic, Plus:

Complete AI tool inventory
EU AI Act risk classification
OWASP LLM Top 10 assessment
NIST AI RMF & NIST CSF 2.0 maturity snapshot
GRC posture overview
UK GDPR & DUAA 2025 compliance snapshot
Full risk register with immediate free actions
Prioritised remediation roadmap
Dual sign-off: CEO + CTO

Additional Sections in the Full Review

10. MITRE ATLAS Adversarial Threat Mapping

Full adversarial machine learning threat assessment mapped against MITRE ATLAS — the definitive knowledge base for AI-specific attack techniques. Identifies exposure to model inversion, data poisoning, adversarial examples, and AI supply chain attacks.

11. EU AI Act Full Gap Analysis

Article-by-article gap analysis for each AI tool in use. Per-tool, per-article compliance position with specific remediation required to meet obligations under Regulation 2024/1689.

12. NIST AI RMF Full 4-Function Assessment

Full deep-dive across GOVERN, MAP, MEASURE, and MANAGE with specific findings, evidence requirements, and remediation recommendations per sub-category. Establishes a documented AI risk management baseline suitable for board reporting.

13. NIST CSF 2.0 Full 6-Function Maturity Assessment

IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER, and GOVERN functions all assessed at full depth, with scored maturity levels and targeted uplift actions.

14. GRC Framework Scored 1–10

Governance, Risk, and Compliance individually scored on a 1–10 scale with specific, evidenced findings per pillar. Suitable for inclusion in board risk reporting.

15. UK GDPR + DUAA 2025 Full 11-Article Gap Analysis

Eleven-article compliance review covering lawful basis, data subject rights, controller obligations, automated decision-making, international transfers, and DUAA 2025 ADM requirements.

16. Framework Cross-Reference Matrix

A single matrix mapping every finding across all 7 frameworks at once. Where one gap creates exposure under GDPR, the EU AI Act, and OWASP simultaneously, it is flagged and prioritised accordingly.

17. DPA Review

All AI tool providers in your inventory reviewed against a minimum-requirements DPA checklist. Gaps, inadequate clauses, and missing agreements identified. Recommendations for remediation provided.

18. 13-Clause Staff AI Usage Policy

A legally structured, ready-to-issue Staff AI Usage Policy covering: permitted tools, prohibited uses, data handling requirements, personal device restrictions, client data protocols, monitoring provisions, and the disciplinary framework.

19. 90-Day Roadmap with Action Owners

Detailed 90-day implementation plan with named action owners, framework tags, and milestone checkpoints. Suitable for use as a project management document by your internal team.

20. 90-Day Reassessment Call

Included as standard. Three months after delivery, we schedule a reassessment call to review progress against the roadmap, identify new AI tool deployments, and update your compliance position.

21. Dual Sign-Off: CEO & CTO — Board Ready

Full Review reports are formatted for board distribution and signed by both the CEO and the CTO. Suitable for presentation to directors, investors, or auditors.

Turnaround

7–10 working days from completion of your discovery call.