Continuous AI Risk Program
An initial full review plus quarterly reassessments, change monitoring, and annual recertification. For enterprises and scale-ups that need ongoing visibility and defensible evidence for procurement and regulators.
What is the Continuous AI Risk Program?
The Continuous AI Risk Program is an annual engagement that starts with a Full AI Risk Review and then adds quarterly evidence refreshes, change monitoring, and annual recertification. You get the same depth and deliverables as a one-off Full Review up front, plus ongoing visibility and a renewed certificate each year. We also provide a priority support channel and procurement support so you can respond to vendor risk and security reviews without starting from scratch each time.
This package is built for enterprises and scale-ups that have many AI systems, frequent releases, or strict procurement and compliance requirements. One-off reviews are valuable, but if your environment and obligations change constantly, a program keeps your evidence current and your certificate valid for "as of" dates that matter to customers and regulators.
When to choose the Continuous Program
The Continuous AI Risk Program is designed for organizations that can't treat AI risk as a one-off project. If you're adding or changing AI systems regularly, responding to frequent procurement and security reviews, or operating under regulatory expectations that favor current evidence, a single review will go out of date quickly. The Program keeps your inventory, controls, and certificate current through quarterly refreshes and annual recertification, and gives you a dedicated channel for support and procurement questions.
Enterprises and scale-ups with many AI systems or strict compliance requirements get the most value. So do teams that have already run a Full Review and want to maintain that level of rigor without re-running a full engagement every year. The initial review sets the baseline; the ongoing work keeps it defensible and reduces the burden of ad-hoc evidence requests. If you're earlier in your journey or need only a point-in-time assessment, the Snapshot or standalone Full Review may be a better fit.
Risk Heat Map
5 systems × 5 domains
| Data | Access | Model | Logging | Governance | |
|---|---|---|---|---|---|
| chat-agent | 85 | 45 | 92 | 30 | 60 |
| ml-pipeline | 95 | 70 | 40 | 55 | 75 |
| doc-processor | 40 | 35 | 25 | 80 | 50 |
| search-api | 55 | 90 | 35 | 45 | 40 |
| analytics | 30 | 25 | 45 | 70 | 85 |
Your AI Risk Certificate
A time-bound certificate documenting your external review, designed for procurement conversations, board presentations, and regulatory oversight.
AI Risk Certificate
This certifies that
ACME Corporation
has successfully completed a Full AI Risk Review
Domain Assessment
Matthew Keeley
Chief Risk Officer
RiskReview.AI
Verify Online
riskreview.ai/verify
Time-Bound Validity
Each certificate includes clear issue and expiration dates, ensuring your compliance status is current and verifiable.
Quantified Risk Score
An overall grade backed by transparent domain-level assessments across inventory, data, security, governance, and monitoring.
Verification Ready
Unique certificate IDs and QR codes allow third parties to instantly verify authenticity through our online portal.
Procurement Accepted
Designed to satisfy vendor security questionnaires and due diligence requirements from enterprise customers.
Pricing
From $120,000 per year
The program includes an initial Full AI Risk Review (from $65,000) plus quarterly refreshes and annual recertification. Total pricing depends on the number of systems, complexity, and level of quarterly and annual work. We provide a clear proposal after a scoping call. The fee is typically invoiced annually; payment schedules can be discussed if you prefer quarterly or other arrangements. There are no hidden fees and no mandatory tool subscriptions.
The Program includes the initial full review (equivalent to a standalone Full AI Risk Review), quarterly refreshes, annual recertification, priority support, and procurement support within the agreed scope. Additional one-off work (e.g. red team or vendor review) can be quoted separately.
How it works
Initial full review
We run a Full AI Risk Review (all in-scope systems, security testing, compliance readiness, certificate). This sets your baseline and delivers the same report and certificate as a standalone Full Review.
Quarterly evidence refresh
Every quarter we refresh evidence: inventory updates, key control checks, and change summaries. You get a short status report and updated risk view without a full re-review each time.
Change monitoring inputs
We integrate with your change process (releases, new AI systems, major config changes) so we know what to focus on in the next refresh. This keeps the program aligned to how you actually build and ship.
Annual recertification
Once per year we run a full reassessment and issue a renewed AI Risk Certificate. This satisfies "current" evidence for procurement and regulators and keeps your program defensible.
Ongoing support
You get a priority support channel for questions, and we can support procurement responses and ad-hoc evidence requests within the scope of the program.
What's included
- • Everything in the Full AI Risk Review (initial)
- • Quarterly evidence refresh
- • Change monitoring inputs
- • Annual recertification
- • Priority support channel
- • Procurement support
Frequently asked questions
Who is the Continuous AI Risk Program for?
Enterprises and scale-ups that need ongoing visibility and annual recertification rather than a one-off review. Ideal for teams with many AI systems, frequent changes, or strict procurement and compliance requirements.
What's included in the initial review?
Everything in a standalone Full AI Risk Review: complete inventory, security testing, compliance readiness, remediation roadmap, AI Risk Certificate, and board/regulator summary. The Program adds quarterly refreshes and annual recertification on top.
What happens at quarterly refresh?
We update the inventory and re-check key controls and evidence. You receive a concise status report and updated risk view. It's lighter than a full review but keeps your posture current between annual recerts.
How is the annual recertification different from the first review?
We run a full reassessment again (inventory, security, compliance) and issue a new certificate with a current date. Scope can be adjusted if your systems or compliance targets have changed.
What is procurement support?
We can help respond to vendor risk questionnaires and security reviews that reference the review and certificate. Support is scoped in the program; complex one-off projects can be quoted separately.
How much does the Program cost?
Pricing starts at $120,000 per year (includes initial Full AI Risk Review plus annual program) and depends on scope. We provide a custom quote after a scoping call.
Ready for a Continuous AI Risk Program?
Get an initial full review, quarterly visibility, and annual recertification. We'll scope and quote after a short call.
Discuss the Program