Mercury Security Research Subscription Terms Effective: September 2025 Introduction Mercury Security provides research papers, governance crosswalks, and templates designed to support compliance, audit, and governance teams. This document outlines the terms for accessing and using Mercury Security’s research subscription service. These terms apply to both annual and lifetime subscription options. Scope of Use Subscribers…
Mercury Security Board Governance Roadmap — Sample Brief(Illustrative Example, 2025) This sample demonstrates the format and level of detail provided to boards at the conclusion of a 4-Week Audit → Governance Sprint. Actual deliverables will be specific to your organization, systems, and evidence. Executive Summary Our audit assessed [Sample AI Agent] for compliance readiness…
Mercury Security Evidence Pack Contents(v1.0, 2025) The Evidence Pack is the backbone of our 4-Week Audit → Governance Sprint. It contains the artifacts you’ll use to demonstrate compliance readiness to boards, regulators, and auditors. All items are delivered in portable formats (PDF/DOCX/CSV/JSON where applicable). 1. Logs & Records Conversation Logs (Redacted): 20–200 sampled interactions,…
Mercury Security Inputs Checklist for 4-Week Audit → Governance Sprint(v1.0, 2025) The 4-Week Sprint is a fixed-scope engagement. To begin, we require specific inputs from your team. This checklist ensures we have everything needed to deliver your Audit Report, Evidence Pack, and Board Roadmap on time. 1. System & Environment Access Input Required? Notes…
Mercury Security Research Subscription — License & Scope(v1.0, 2025) The Mercury Research & Evidence Library provides organizations with access to whitepapers, crosswalks, and toolkits for AI governance. This document defines the scope of use and licensing terms for subscribers. 1. License Model License Type: Organization-wide. Permitted Users: All employees and contractors working on behalf…
This is meant to clarify for clients: What Mercury provides (audit evidence, artifacts, technical notes). What only legal counsel can provide (formal Data Protection Impact Assessments under GDPR). How the two connect. DPIA Companion Notes Mercury Security | 2025 Introduction A Data Protection Impact Assessment (DPIA) is a formal requirement under the General Data…
Human-in-the-Loop & Escalation SOP Mercury Security | 2025 Introduction Human oversight is a cornerstone of responsible AI deployment. No AI system should operate without defined escalation pathways that allow humans to intervene in real time. This Standard Operating Procedure (SOP) describes how human-in-the-loop (HITL) oversight is designed, tested, and maintained for AI agents. The…
Logging & Retention Policy Mercury Security | 2025 Introduction Effective logging and retention practices are critical for ensuring AI systems are transparent, auditable, and compliant with regulatory expectations. Logs provide the evidence needed to demonstrate accountability, while retention policies ensure that data is stored only as long as necessary and deleted when no longer…
Model Card & Change Log Template Mercury Security | 2025 Introduction Model cards and change logs provide transparency into how AI systems are designed, deployed, and updated. A model card describes the system’s purpose, data, and performance, while the change log tracks updates over time. Together, these artifacts demonstrate lifecycle accountability, which is emphasized…
Evidence Journal Template Mercury Security | 2025 Introduction An evidence journal provides a structured way to record findings during AI audits. It captures what was tested, what evidence was observed, and whether the result met expectations. Maintaining such a journal demonstrates defensible governance and supports repeatable audit cycles (NIST, 2023; ISO, 2023). How to…