Now generally available · ISO/IEC 42001 AIMS

Compliance is a checklist.
Cognita is the intelligence layer.

The first GRC platform built for AI. Continuous evidence collected from your model registry, training pipelines, and inference layer — automatically mapped to ISO 42001, the EU AI Act, and NIST AI RMF.

SOC 2 Type II · ISO 27001 · GDPR · SSO + SCIM
app.cognitagrc.io/aims/registry · LIVE
Cognita
AIMS · INVENTORY

Model Registry

ACTIVE MODELS: 47
HIGH-RISK: 14
PENDING AIIA: 4
DRIFT ALERTS: 2

| Model | Provider | Risk | AIIA | Bias (30d) | Drift | Controls |
| --- | --- | --- | --- | --- | --- | --- |
| atlas-credit-risk v3.2.1 | internal | High | 78 | 0.81 | +4.0% | 38/42 |
| helix-resume-screen v1.4.0 | huggingface | High | 62 | 0.68 | +11.0% | 28/42 |
| pulse-ticket-router v2.0.7 | internal | Limited | 91 | n/a | +2.0% | 41/42 |
| atlas-fraud-detect v4.1.2 | mlflow | High | 83 | 0.76 | +6.0% | 40/42 |

Trusted by AI-first teams shipping under regulation
Northwind Mutual
Helix Bio
Atlas Pay
Lumen Health
Voyage AI
Sentinel Industrial

By the numbers

Outcome, not effort.

What enterprise AI teams achieve in their first 90 days on Cognita.

73% less manual evidence collection vs. legacy GRC
11× faster time to ISO 42001 Stage 2 audit readiness
12+ live & beta connectors auto-feeding evidence
40% control reuse from existing ISO 27001 / SOC 2

Why we exist

Generic GRC tools weren't built for models.

Vanta and Drata treat AI models like static servers. ISO 42001 demands lifecycle observability — data lineage, bias mitigation, algorithmic impact. That's a different product.

| Capability | Cognita AIMS | Generic GRC #1 | Generic GRC #2 |
| --- | --- | --- | --- |
| AI-native model registry with version + lineage | Native | Asset list only | Asset list only |
| Continuous bias & drift evidence (auto-firing) | Streaming | Manual upload | Not supported |
| LLM-backed Risk Engine (reads intended use) | Claude-powered | Static questionnaire | Static questionnaire |
| HuggingFace · MLflow · W&B integrations | 6 live · 6 beta | Not supported | Not supported |
| Signed Model Cards from CI (GitHub Action) | Native | Not supported | Not supported |
| Continuous-compliance Findings (auto-opened on drift) | Native | Not supported | Manual |
| Multi-framework control reuse (27001 ⇄ 42001) | Auto-mapped | Manual | Manual |
| Cryptographic audit trail (Merkle-signed) | Native | Mutable log | Mutable log |

The platform

Three products. One intelligence layer.

Cognita is a SaaS OS for AI risk. Start with AIMS. Expand to Trust and Vendor Risk on the same data fabric.

AIMS · ISO 42001

The intelligence layer for models.

Track every model across its lifecycle. Sign Model Cards from CI, run Claude-powered AI Impact Assessments, stream bias + drift into ISO 42001 Annex A — and turn every threshold breach into an assignable Finding the team can actually close out.

ANNEX A · LIVE
A.5.4 · Impact assessment · passing
A.10.3 · Continuous monitoring · firing
A.7.4 · Data quality · passing

TRUST · SOC 2 / ISO 27001

Continuous SOC 2 & ISO 27001.

The classic GRC playbook, done right. Connectors for AWS, Okta, GitHub, Snowflake. Shared controls automatically reuse evidence to your AIMS module.

SHARED CONTROLS
SOC 2 CC8.1 → ISO 42001 A.6.2.5 · 14 evidence files reused
VENDOR RISK · THIRD-PARTY AI

Know what's inside the AI you don't build.

Every SaaS your team uses now has an AI sub-processor. Cognita Vendor Risk classifies them by EU AI Act tier, monitors their public model cards, and surfaces breaching changes as findings against your AIMS.

Inside AIMS

Everything ISO 42001 demands. Continuously.

Model Registry

Every model, every version. Risk-tiered against the EU AI Act with full lineage from training data → artifact → deployment.

Risk Engine for AIIA

Reads each model's intended use and auto-flags the EU AI Act clauses you must address. No more blank questionnaires.

Live Bias & Drift

Connect W&B, MLflow, Arize. Threshold breaches auto-open findings against ISO 42001 A.10.3 with cryptographic timestamping.

Auto Model Cards

Pulled from CI/CD on every deploy. Signed, versioned, and primary evidence for auditors — no human in the loop.

Framework Reuse

Bring your existing ISO 27001 or SOC 2 evidence. Cognita auto-maps shared controls, saving up to 40% of manual work.

Auditor Lock Mode

Hand external auditors a read-only, watermarked workspace. Every action logged. No data exposure beyond the audit scope.

We had ISO 27001 covered with a generic tool. ISO 42001 broke it. Cognita is the first platform that actually understands what a model is — not just a server with weights on it.

Eleanor Marsh
Chief AI Risk Officer · Northwind Mutual
Ready when you are

Stage 2 audit in < 90 days.
Or your money back.

Free 30-day trial. White-glove ISO 42001 onboarding included. No credit card.
