Mercury Security Advisory & Enablement Services — Menu(v1.0, 2025) Mercury provides targeted advisory support to organizations needing governance help beyond the fixed-scope Audit Sprint and Oversight Pack. Services are offered on a time-and-materials or package basis. 1. Procurement & Vendor Assurance Supplier Security Pack Review — $5,000 (flat fee) Review of vendor DPA, SOC…
Mercury Security AI Agent Oversight Pack — SLA & Scope(v1.0, 2025) The AI Agent Oversight Pack provides annual governance assurance for customer-facing and internal AI agents. This document defines the service scope, monitoring cadence, and client responsibilities. 1. Service Scope Covered Agent Types Reception & call answering agents Customer support & FAQ agents Knowledge…
Mercury Security Add-On Catalog — Audit & Oversight(v1.0, 2025) The following add-ons expand the scope of Mercury’s fixed deliverables. Each add-on is pre-priced, documented, and can be added via change request or included in initial contracting. 1. Additional Production Agent Description: Expands the Sprint or Oversight Pack to cover an additional live AI agent…
Mercury Security Sample Statement of Work (SOW)4-Week Audit → Governance Sprint(Illustrative Template, 2025) 1. Overview This Statement of Work (“SOW”) describes the scope, deliverables, timelines, roles, and terms of engagement for the Mercury Security 4-Week Audit → Governance Sprint (“Sprint”). This is a fixed-scope engagement with defined outputs and timelines. 2. Objectives Assess [Client…
Bias & Safety Testing Method Mercury Security | 2025 Introduction Bias and safety testing ensures that AI systems perform consistently across diverse user groups and avoid harmful or misleading outputs. The EU AI Act, GDPR, and NIST AI RMF all stress the importance of testing for fairness, safety, and accountability in AI systems (European…
Hosting & Assurance Overview Mercury Security | 2025 Introduction Assurance is not only about controls inside an AI system but also about where and how the system is hosted. This document outlines Mercury Security’s approach to hosting assurance, explaining the safeguards applied to third-party providers, the data protection commitments in place, and what clients…
Purpose Declaration & Redaction Template (Sample)Mercury Security | 2025 Purpose Declaration (Fill-in Example) “Our AI system [system name] is deployed for [intended use]. It is not intended for [out-of-scope use]. Escalation to a human agent occurs when [criteria].” Redaction Policy Table (Sample Structure) Data Type Redaction Method Notes Name Mask (initials) Only if strictly…
This is a governance artifact to share with clients or regulators to demonstrate how AI-related incidents will be managed. Incident & Escalation Playbook for AI Systems Mercury Security | 2025 Introduction AI incidents—such as unsafe outputs, system failures, or compliance breaches—require structured response processes. Without predefined playbooks, organizations risk delayed responses, unclear accountability, and…
Framework Crosswalk Brief (PDF-style Word draft) Title: Aligning AI Governance Frameworks: A Practical CrosswalkMercury Security | 2025 Introduction Organizations face overlapping requirements when deploying AI systems. The EU AI Act, NIST AI Risk Management Framework, GDPR, and ISO/IEC 42001 all prescribe governance obligations, but in different language. Without a crosswalk, teams duplicate effort or…
AI Agents & Systems — Audit Criteria v1.0 Mercury Security Whitepaper | 2025 Introduction Artificial Intelligence (AI) agents are increasingly used in enterprise environments for customer service, internal knowledge retrieval, workflow automation, and even social media management. As adoption accelerates, so do concerns about compliance, governance, and security. Poorly controlled AI deployments can lead…