01 From models to audit packs

EU AI Act work stays clearer when inventory, classification, monitoring, and evidence share the same flow.

AuditReady helps teams structure AI systems, risk assessments, obligations, monitoring runs, and incidents alongside controls, suppliers, and evidence you already use for privacy and cyber programmes.

app.auditready.local/controlli

Controlli

Q1 Review

Nome	Owner	Stato	Ultima verifica
Accessi privilegiati	IT Security	Compliant	14 Mar 2026
Registro trattamenti	DPO Office	In revisione	12 Mar 2026
Backup & restore	Infrastructure	Gap aperto	10 Mar 2026

Inventory & classification you can defend Obligations tied to evidence and audits Monitoring & incident preparedness tracked

EU AI Act focused demo

HealthTech narrative: clinical triage / care prioritisation AI on a healthcare SaaS stack.

Demo customer

CarePath Analytics S.r.l. (clinical decision support)

B2B platform for provider organisations with decision-support modules, EHR integrations, and an external foundation model supplier.

Current posture

High-risk classification advanced; GPAI vendor under joint technical and contractual review.

Demo storyline

The demo tenant shows AI inventory, high-risk assessment, operational requirements, monitoring cadence, and a near-miss wired to evidence and the vendor record.

What you will see in the demo

“CareTriage Pro” with approved risk posture and AI Act requirements mapped to controls.
GPAI vendor dependencies with documentation workflows in progress.
Monitoring run highlighting human overrides and complaints trend; minor incident tied to playbook and simulation.

Open EU AI Act demo

Open the demo tenant to explore inventory, classification, GPAI dependencies, and monitoring in one workspace.

Operational gap

The AI Act grows heavy when models, vendors, and evidence are not connected.

Without AuditReady

AI systems, models, and APIs stay documented in different places without one classification and risk view.
Deployer/provider roles and lifecycle are not always traceable with verifiable evidence.
Operational monitoring, drift, and incident signals do not feed the same evidence spine.
GPAI/vendor dependencies and contractual clauses are hard to link to technical docs and controls.

With AuditReady

AI systems inventory linked to services, suppliers, and assets already in the tenant.
Versioned risk assessments with review status and next review dates.
AI Act requirements with owners, due dates, and links to evidence and audits.
Monitoring runs and incidents/near-misses with escalation paths aligned to your audit exports.

Module highlights

Native objects for EU AI Act readiness, wired into the rest of the platform.

AI inventory

A structured record per system: purpose, deployment context, data categories, and impacted users.

Risk & classification

Structured path for categories, rationale, approvals, and historical versions.

Requirements

Obligation families (risk management, logging, human oversight, post-market monitoring, etc.).

Monitoring runs

Periodic checks on performance, drift, complaints, and human overrides with outcomes captured.

AI incidents

Incident/near-miss register linkable to exercises and evidence.

Vendor / GPAI

Model/API dependencies with documentation status and clearer chain-of-responsibility.

Who it helps

Teams deploying or operating AI systems in regulated and high-risk settings.

AI governance & product legal
Compliance & risk
Security & data governance
Vendor management / procurement
Internal audit