AI Governance Certification Platform

Your auditor is going to ask
about AI. Be ready.

Collect evidence from your existing tools, score it against 116 AI governance controls, and get your organisation certification-ready — automatically, without spreadsheets.

Start your assessmentRequest a demo
NIVAI-AGFCertificationISO 42001ReadinessSOC 2 Type IIReadinessISO 27001ReadinessNIST AI RMFReadinessEU AI ActReadinessSA AI ActReadiness
Headquartered in South AfricaServing organisations across Africa and EuropeStandard published at nivai.org

The challenge

Can you answer these questions today?

These are not hypothetical. They are what auditors, regulators, and enterprise customers are asking right now.

Data leakage

Your finance team is pasting customer data into AI right now. Do you know where that data goes — or whether it is training the model?

Data sovereignty

Your AI provider says data stays in your region. Under the CLOUD Act, a US-headquartered provider can be compelled to hand it over regardless.

Shadow AI

Your employees are signing up for AI tools on personal accounts. No SSO. No DPA. No visibility. You have no record it is happening.

Customer trust

Your enterprise customer is asking about AI governance. Right now, most teams answer with a PDF and hope nobody checks.

Audit readiness

Your auditor will ask which AI tools your employees use and where that data goes. Can you answer that today — with evidence?

Board reporting

Your board wants a structured AI risk report. You have policies. You do not have evidence they are being followed.

How it works

Assess now. Certify when ready.

Get your governance score today. Certification-ready when the audit pipeline opens.

01
Available now

Assess today

Connect your tools and run your first assessment in hours. 116 controls across 18 governance domains. See exactly where you stand, what needs fixing, and how to fix it.

  • 116 controls across 18 domains
  • 100 tool connectors
  • Step-by-step remediation guidance
  • Audit-ready evidence pack
02
Launching H2 2026

Get audited

When you are ready, request an independent audit through our founding auditor network. External auditors review your evidence pack directly in the Nitivai Auditor Portal. No back-and-forth email. No spreadsheets.

  • Independent external auditors
  • Direct evidence review
  • Structured finding workflow
  • Founding cohort: H2 2026
03
Upon certification

Get certified

Meet all five certification gates and receive the NIVAI certification. Your badge is publicly verifiable. Your evidence pack is on record.

  • Five certification gates
  • NIVAI certified badge
  • Publicly verifiable certificate

Independent audit

Independent auditors. Rigorous process.

Your assessment begins today. Certification completes at launch. The audit pipeline is open now -- your evidence is being collected and structured for the moment your auditor is assigned.

Independent review

Auditors are external to Nitivai and independent from your organisation. They access your evidence pack directly -- no intermediary, no curated summaries, no selective disclosure.

Defined scope, no surprises

The audit is scoped to your framework and tied to specific controls. You see exactly what the auditor sees. Findings are raised against controls, not sent as unstructured email.

Verified practitioners

All auditors on the network are independently vetted by NIVAI before joining. Qualifications, independence, and relevant experience are confirmed before any engagement is assigned.

Start now

Start your assessment today

Connect your tools and run your first assessment now. Your evidence is structured and ready when the audit pipeline opens in H2 2026.

Start free assessmentRequest a demo

What's included

Everything you need for AI governance

Automated evidence collection

From your connected tools. No manual screenshots or spreadsheets.

Control-by-control assessment

Each of the 116 controls shows exactly what was found and why.

Remediation guidance

Specific steps to fix each gap, ordered by impact on your score.

Board-ready reports

PDF reports for your board, your auditor, or your enterprise customers.

NIVAI certified badge

Issued when you meet all five certification gates.

Auditor portal

Your external auditor gets read-only access to review all evidence directly.

ISO 42001
Fully supported

ISO 42001 readiness reporting is now live

NIVAI-AGF evidence maps directly to all ISO 42001 clauses. Run your assessment once and get a complete ISO 42001 readiness report alongside your NIVAI score. When independent audits launch in H2 2026, your evidence is already audit-ready.

All ISO 42001 clauses mapped
Dedicated readiness report
Evidence collected automatically
Audit-ready evidence pack
Gap analysis included
Remediation guidance per clause
Start ISO 42001 assessmentRequest a demo
ISO 42001 Readiness71%
9 clause gaps to close before audit100% = audit-ready
ISO 42001 Clauses42 clauses
4. ContextOrganisational contextPASS
5. LeadershipAccountability & policyPARTIAL
6. PlanningObjectives & riskPARTIAL
7. SupportResources & competencePASS
8. OperationOperational controlsGAP
9. PerformanceEvaluationPASS
10. ImprovementContinual improvementPARTIAL

The platform

Built for security teams, not consultants

Nitivai™ is an operator tool, not a checklist. Every surface is designed to give you the exact information you need to improve your AI governance posture.

Governance overview

See your AI governance posture at a glance

A single dashboard shows your certification score, domain-by-domain breakdown, governance trends, and the controls that need attention. No spreadsheets, no guesswork.

Real-time certification score
18-domain breakdown
Trend tracking across assessments
Risk-prioritised control list
40%readiness
Nivaya TechnologiesBUILDING
116 controls · 18 domains
Pass6
Partial80
Fail8
Pending17
Domain coveragetop gaps
AIENCEncryption
20%
AIRELReliability
20%
AIAUDAudit
14%
DSData sovereignty
13%
AISECSecurity
11%
AIDLPData lifecycle
10%
AIACCAccountability
0%
Triage & remediation

Fix what matters, in the right order

Every failing control comes with step-by-step remediation guidance: who should fix it, how long it takes, and exactly what changes when they do. Assign owners, track progress, close gaps.

Step-by-step fix instructions
Ownership assignment
Priority-ordered by score impact
Before-and-after expectations
Priority controlsBrowse all 116
ControlStatusSeverity
AIACC-007
SSO enforcement for AI tools
FAILCritical
DS-004
Cross-border data flow tracking
PARTIALModerate
AIPRV-005
Consent management for AI processing
FAILCritical
AIDLP-003
Data retention policy enforcement
PARTIALModerate
Remediation
AIACC-007: SSO enforcement
1Federate AI tools through your identity provider
2Enforce SSO for all AI tool access
3Disable local authentication on AI tools
Evidence engine

Evidence collected automatically, not manually

Connectors pull technical evidence from your tools. The document engine evaluates uploaded policies against 96 document types with 480+ criteria. The desktop agent observes AI tool usage across your organisation.

100 tool connectors
Rules-based document intelligence
Desktop agent for shadow AI detection
Auditor-ready evidence packs
Evidence sources100 connectors
JumpCloud
Identity provider
14 findings
AWS
Cloud infrastructure
8 findings
GitHub
Source control
11 findings
Anthropic
AI provider
6 findings
Document analysis
AI-Acceptable-Use-Policy.pdf
Strong
Data-Retention-Policy.pdf
Adequate
AI-Risk-Register.xlsx
Weak
Data sovereignty

Know where your AI data goes

Map which AI tools run in which regions, flag tools operating outside your approved data processing regions, and track cross-border data flows. Region-level visibility your auditor will ask for.

Approved region management
Cross-border flow tracking
Tools-at-risk identification
Sovereignty score per tool
AI tools by region5 tools tracked
Anthropic (Claude)
USApproved
OpenAI (GPT-4)
USApproved
AWS Bedrock
EU (Frankfurt)Approved
Cohere
USAt risk
Together AI
USAt risk
Approved regions
3
US, EU, UK
At risk tools
2
Outside DPA scope
Governance properties

Evaluate AI tools by what matters, not by tier labels

NIVAI-AGF evaluates every AI session against four observable governance properties: training opt-out, bounded retention, identity attribution, and administrative visibility. A tool is governed when all four are demonstrable, regardless of its commercial label.

Training opt-out confirmed
Bounded data retention
Corporate identity attribution
Administrative visibility
Claude (Anthropic)Governed
Training opt-out
Bounded retention
Identity attribution
Admin visibility
ChatGPT (OpenAI)Ungoverned
Training opt-out
Bounded retention
Identity attribution
Admin visibility
Gemini (Google)Ungoverned
Training opt-out
Bounded retention
Identity attribution
Admin visibility

Integrations

100 connectors. Evidence collected automatically.

Connect the tools your organisation already uses. Connectors collect technical evidence automatically. Policies, registers, and training records are maintained directly inside the platform.

Identity & Access
JumpCloud, Okta, Microsoft Entra ID, Auth0, OneLogin, Ping Identity
Source Control
GitHub, GitLab, Bitbucket, Azure DevOps
AI Providers
Anthropic, OpenAI, AWS Bedrock, Azure OpenAI, Google AI, Cohere, Meta AI, Together AI
AI Code Assistants
GitHub Copilot, Cursor, Claude Code, Amazon Q, Gemini Code Assist, Aider
Cloud Infrastructure
AWS, Azure, Google Cloud, DigitalOcean, Railway, Render
Communication
Slack, Microsoft Teams, Zoom
Endpoint Security
CrowdStrike, SentinelOne, Microsoft Defender, Bitdefender
Endpoint Management
Jamf Pro, Kandji, Microsoft Intune, Workspace ONE
HR & People
BambooHR, Workday, HiBob, Personio, Deel, Rippling
Monitoring
Datadog, Grafana, New Relic, Sentry, Splunk
Project & Docs
Jira, Linear, Asana, Confluence, Notion, Monday.com
Security & Compliance
Snyk, Wiz, Netskope, Microsoft Purview, HashiCorp Vault, KnowBe4

NIVAI-AGF Standard

116 controls across 18 domains

A comprehensive AI governance standard purpose-built for organisations that develop or use AI. Evidence is collected automatically from your connected tools, uploaded policies, and structured registers you maintain inside Nitivai.

Data Sovereignty
AI Data Leakage Prevention
AI Privacy
AI Access Control
AI Security
AI Reliability
AI Model Lifecycle
AI Encryption
AI Documentation
AI Human Resources
AI Finance
AI Development
AI Operations
AI Governance
AI Risk
AI Audit
AI Sales
Agentic AI Governance

Full standard published at nivai.org →

Framework readiness

One assessment. Seven frameworks.

Nitivai™ does not replace existing certification processes. It prepares you for them. ISO 42001 is fully supported. Other frameworks are available on demand.

NIVAI-AGF

NIVAI-AGF

The AI governance standard

Foundation
ISO 42001

ISO 42001

AI management system

Live
SOC 2 Type II

SOC 2 Type II

AI controls subset

On demand
ISO 27001

ISO 27001

AI security controls

On demand
NIST AI RMF

NIST AI RMF

Risk management framework

On demand
EU AI Act

EU AI Act

Regulatory compliance

On demand
SA AI Act

SA AI Act

South African AI regulation

On demand

For auditors

Join the founding auditor network

We are establishing a founding cohort of independent practitioners to conduct the first AI governance certifications. Founding spots are limited. We welcome auditors from all disciplines -- information security, compliance, risk, data protection, and technology audit.

Founding auditors are independent practitioners, not employees of Nitivai. You conduct external audits through the Nitivai Auditor Portal and bring your own professional judgement to every engagement. Engagements start H2 2026 -- apply now to be considered.

Experience in audit, compliance, risk, or information security
Familiarity with AI governance, data protection, or technology standards
Holds a relevant qualification: CISA, CISSP, ISO 27001 Lead Auditor, ISO 42001 Lead Auditor, CIPM, CIA, or equivalent
Independent of organisations you audit

You set your engagement fee. Organisations post their budget; you decide whether to accept.

Apply as a founding auditor

Dedicated auditor platform

The Nitivai Auditor Portal gives you direct access to evidence packs, structured control review, and a finding workflow. No shared login with the organisation being audited.

Structured evidence, not raw data

Evidence is pre-collected and organised by control. You review what the platform found, raise findings where evidence is missing or insufficient, and record your verdict per control.

Shape the process

Founding auditors provide feedback that shapes how AI governance audits work. Your input influences how the standard is applied in practice.

Request a demo

See Nitivai in action

We will walk you through a 30-minute demo of the platform, tailored to your frameworks of interest. No sales pitch. Just the product.

Live assessment walkthrough

See how evidence is collected from your tools and turned into control results.

ISO 42001 readiness report

We will show you a real ISO 42001 report generated from connected tools.

Auditor portal demo

See what your external auditor will see when reviewing your evidence pack.

AI governance you can prove.

Connect your tools, run your first assessment, and see exactly where you stand. Certification-ready from day one.

niti(Sanskrit) — moral order·vai (Portuguese) — it goes forward

Start your assessmentRequest a demo

Built on the NIVAI-AGF standard. Published at nivai.org.