How to run an AI governance gap analysis in 5 steps

Most teams know they need to "do something" about AI governance but struggle to turn overlapping frameworks into a concrete plan. An organization-level gap analysis is the fastest way to get there — it assesses the governance program and controls your organization has in place, independent of any single AI system. Here's how to run one.

1. Define your governance scope

Establish which parts of your organization and which frameworks are in scope. The goal is to assess your governance posture as a whole, not to audit individual systems.

2. Map your current practices

Gather your existing policies, roles, risk processes and evidence — the controls that govern how AI is built and used across the organization.

3. Compare against the frameworks

Assess your governance program against the requirements of the EU AI Act, ISO/IEC 42001 and the NIST AI RMF. Note what you meet and what's missing.

4. Quantify and prioritize the gaps

Score gaps by severity and effort so you can sequence the work. This is the difference between a checklist and a plan.

5. Build a remediation roadmap

Turn the prioritized gaps into owned, time-boxed actions — and re-assess on a cadence.
The AI Governance Portal automates steps 3–5 at the organization level: a single assessment scores your governance program across all three frameworks and generates the report and roadmap for you. (Per-system risk classification is a separate, complementary activity.)