•
Mercury Security Evidence Pack Contents(v1.0, 2025) The Evidence Pack is the backbone of our 4-Week Audit → Governance Sprint. It contains the artifacts you’ll use to demonstrate compliance readiness to boards, regulators, and auditors. All items are delivered in portable formats (PDF/DOCX/CSV/JSON where applicable). 1. Logs & Records Conversation Logs (Redacted): 20–200 sampled interactions,…
•
Mercury Security Inputs Checklist for 4-Week Audit → Governance Sprint(v1.0, 2025) The 4-Week Sprint is a fixed-scope engagement. To begin, we require specific inputs from your team. This checklist ensures we have everything needed to deliver your Audit Report, Evidence Pack, and Board Roadmap on time. 1. System & Environment Access Input Required? Notes…
•
Mercury Security Research Subscription — License & Scope(v1.0, 2025) The Mercury Research & Evidence Library provides organizations with access to whitepapers, crosswalks, and toolkits for AI governance. This document defines the scope of use and licensing terms for subscribers. 1. License Model License Type: Organization-wide. Permitted Users: All employees and contractors working on behalf…
•
This is meant to clarify for clients: What Mercury provides (audit evidence, artifacts, technical notes). What only legal counsel can provide (formal Data Protection Impact Assessments under GDPR). How the two connect. DPIA Companion Notes Mercury Security | 2025 Introduction A Data Protection Impact Assessment (DPIA) is a formal requirement under the General Data…
•
Human-in-the-Loop & Escalation SOP Mercury Security | 2025 Introduction Human oversight is a cornerstone of responsible AI deployment. No AI system should operate without defined escalation pathways that allow humans to intervene in real time. This Standard Operating Procedure (SOP) describes how human-in-the-loop (HITL) oversight is designed, tested, and maintained for AI agents. The…
•
Logging & Retention Policy Mercury Security | 2025 Introduction Effective logging and retention practices are critical for ensuring AI systems are transparent, auditable, and compliant with regulatory expectations. Logs provide the evidence needed to demonstrate accountability, while retention policies ensure that data is stored only as long as necessary and deleted when no longer…
•
Model Card & Change Log Template Mercury Security | 2025 Introduction Model cards and change logs provide transparency into how AI systems are designed, deployed, and updated. A model card describes the system’s purpose, data, and performance, while the change log tracks updates over time. Together, these artifacts demonstrate lifecycle accountability, which is emphasized…
•
Evidence Journal Template Mercury Security | 2025 Introduction An evidence journal provides a structured way to record findings during AI audits. It captures what was tested, what evidence was observed, and whether the result met expectations. Maintaining such a journal demonstrates defensible governance and supports repeatable audit cycles (NIST, 2023; ISO, 2023). How to…
•
Mercury Security Advisory & Enablement Services — Menu(v1.0, 2025) Mercury provides targeted advisory support to organizations needing governance help beyond the fixed-scope Audit Sprint and Oversight Pack. Services are offered on a time-and-materials or package basis. 1. Procurement & Vendor Assurance Supplier Security Pack Review — $5,000 (flat fee) Review of vendor DPA, SOC…
•
Mercury Security AI Agent Oversight Pack — SLA & Scope(v1.0, 2025) The AI Agent Oversight Pack provides annual governance assurance for customer-facing and internal AI agents. This document defines the service scope, monitoring cadence, and client responsibilities. 1. Service Scope Covered Agent Types Reception & call answering agents Customer support & FAQ agents Knowledge…