Logging & Retention Policy Mercury Security | 2025 Introduction Effective logging and retention practices are critical for ensuring AI systems are transparent, auditable, and compliant with regulatory expectations. Logs provide the evidence needed to demonstrate accountability, while retention policies ensure that data is stored only as long as necessary and deleted when no longer…
Model Card & Change Log Template Mercury Security | 2025 Introduction Model cards and change logs provide transparency into how AI systems are designed, deployed, and updated. A model card describes the system’s purpose, data, and performance, while the change log tracks updates over time. Together, these artifacts demonstrate lifecycle accountability, which is emphasized…
Evidence Journal Template Mercury Security | 2025 Introduction An evidence journal provides a structured way to record findings during AI audits. It captures what was tested, what evidence was observed, and whether the result met expectations. Maintaining such a journal demonstrates defensible governance and supports repeatable audit cycles (NIST, 2023; ISO, 2023). How to…
Mercury Security Advisory & Enablement Services — Menu(v1.0, 2025) Mercury provides targeted advisory support to organizations needing governance help beyond the fixed-scope Audit Sprint and Oversight Pack. Services are offered on a time-and-materials or package basis. 1. Procurement & Vendor Assurance Supplier Security Pack Review — $5,000 (flat fee) Review of vendor DPA, SOC…
Mercury Security AI Agent Oversight Pack — SLA & Scope(v1.0, 2025) The AI Agent Oversight Pack provides annual governance assurance for customer-facing and internal AI agents. This document defines the service scope, monitoring cadence, and client responsibilities. 1. Service Scope Covered Agent Types Reception & call answering agents Customer support & FAQ agents Knowledge…
Mercury Security Add-On Catalog — Audit & Oversight(v1.0, 2025) The following add-ons expand the scope of Mercury’s fixed deliverables. Each add-on is pre-priced, documented, and can be added via change request or included in initial contracting. 1. Additional Production Agent Description: Expands the Sprint or Oversight Pack to cover an additional live AI agent…
Mercury Security Sample Statement of Work (SOW)4-Week Audit → Governance Sprint(Illustrative Template, 2025) 1. Overview This Statement of Work (“SOW”) describes the scope, deliverables, timelines, roles, and terms of engagement for the Mercury Security 4-Week Audit → Governance Sprint (“Sprint”). This is a fixed-scope engagement with defined outputs and timelines. 2. Objectives Assess [Client…
This is a governance artifact to share with clients or regulators to demonstrate how AI-related incidents will be managed. Incident & Escalation Playbook for AI Systems Mercury Security | 2025 Introduction AI incidents—such as unsafe outputs, system failures, or compliance breaches—require structured response processes. Without predefined playbooks, organizations risk delayed responses, unclear accountability, and…
Framework Crosswalk Brief (PDF-style Word draft) Title: Aligning AI Governance Frameworks: A Practical CrosswalkMercury Security | 2025 Introduction Organizations face overlapping requirements when deploying AI systems. The EU AI Act, NIST AI Risk Management Framework, GDPR, and ISO/IEC 42001 all prescribe governance obligations, but in different language. Without a crosswalk, teams duplicate effort or…
AI Agents & Systems — Audit Criteria v1.0 Mercury Security Whitepaper | 2025 Introduction Artificial Intelligence (AI) agents are increasingly used in enterprise environments for customer service, internal knowledge retrieval, workflow automation, and even social media management. As adoption accelerates, so do concerns about compliance, governance, and security. Poorly controlled AI deployments can lead…