•
Logging & Retention Policy Mercury Security | 2025 Introduction Effective logging and retention practices are critical for ensuring AI systems are transparent, auditable, and compliant with regulatory expectations. Logs provide the evidence needed to demonstrate accountability, while retention policies ensure that data is stored only as long as necessary and deleted when no longer…
•
Model Card & Change Log Template Mercury Security | 2025 Introduction Model cards and change logs provide transparency into how AI systems are designed, deployed, and updated. A model card describes the system’s purpose, data, and performance, while the change log tracks updates over time. Together, these artifacts demonstrate lifecycle accountability, which is emphasized…
•
Evidence Journal Template Mercury Security | 2025 Introduction An evidence journal provides a structured way to record findings during AI audits. It captures what was tested, what evidence was observed, and whether the result met expectations. Maintaining such a journal demonstrates defensible governance and supports repeatable audit cycles (NIST, 2023; ISO, 2023). How to…
•
Mercury Security Advisory & Enablement Services — Menu(v1.0, 2025) Mercury provides targeted advisory support to organizations needing governance help beyond the fixed-scope Audit Sprint and Oversight Pack. Services are offered on a time-and-materials or package basis. 1. Procurement & Vendor Assurance Supplier Security Pack Review — $5,000 (flat fee) Review of vendor DPA, SOC…
•
Mercury Security AI Agent Oversight Pack — SLA & Scope(v1.0, 2025) The AI Agent Oversight Pack provides annual governance assurance for customer-facing and internal AI agents. This document defines the service scope, monitoring cadence, and client responsibilities. 1. Service Scope Covered Agent Types Reception & call answering agents Customer support & FAQ agents Knowledge…
•
Mercury Security Add-On Catalog — Audit & Oversight(v1.0, 2025) The following add-ons expand the scope of Mercury’s fixed deliverables. Each add-on is pre-priced, documented, and can be added via change request or included in initial contracting. 1. Additional Production Agent Description: Expands the Sprint or Oversight Pack to cover an additional live AI agent…
•
Mercury Security Sample Statement of Work (SOW)4-Week Audit → Governance Sprint(Illustrative Template, 2025) 1. Overview This Statement of Work (“SOW”) describes the scope, deliverables, timelines, roles, and terms of engagement for the Mercury Security 4-Week Audit → Governance Sprint (“Sprint”). This is a fixed-scope engagement with defined outputs and timelines. 2. Objectives Assess [Client…
•
Bias & Safety Testing Method Mercury Security | 2025 Introduction Bias and safety testing ensures that AI systems perform consistently across diverse user groups and avoid harmful or misleading outputs. The EU AI Act, GDPR, and NIST AI RMF all stress the importance of testing for fairness, safety, and accountability in AI systems (European…
•
Hosting & Assurance Overview Mercury Security | 2025 Introduction Assurance is not only about controls inside an AI system but also about where and how the system is hosted. This document outlines Mercury Security’s approach to hosting assurance, explaining the safeguards applied to third-party providers, the data protection commitments in place, and what clients…
•
Purpose Declaration & Redaction Template (Sample)Mercury Security | 2025 Purpose Declaration (Fill-in Example) “Our AI system [system name] is deployed for [intended use]. It is not intended for [out-of-scope use]. Escalation to a human agent occurs when [criteria].” Redaction Policy Table (Sample Structure) Data Type Redaction Method Notes Name Mask (initials) Only if strictly…