Mercury Security

From AI Audit to Governance — in 4 Weeks

AI regulation is already here. Align with the EU AI Act, NIST AI RMF, GDPR, and ISO/IEC 42001 quickly and confidently — with an executive-ready audit and roadmap.

EU AI Act · NIST AI RMF · GDPR · ISO/IEC 42001

4-Week Audit → Governance Sprint

In 30 days, we deliver a fixed-scope audit with board-ready evidence and a 90-day roadmap.

  • System inventory & purpose declarations
  • Evidence Pack (logs, tests, SOPs)
  • Framework crosswalks (EU ↔ NIST ↔ GDPR ↔ ISO)
  • Board briefing + roadmap
Growth $25,000 · Enterprise from $65,000+

Research & Evidence Library

Quarterly whitepapers, crosswalks, and toolkits for AI governance. Org-wide license, no seat limits.

Annual $2,500 · Lifetime $7,500
  • Quarterly APA-7 whitepapers
  • CSV + PDF framework crosswalks
  • Checklists & templates

AI Agent Oversight Pack

Annual assurance for hosted AI agents (reception, support, knowledge, social posting, workflow).

$10,000 / year
  • HITL & escalation SOP
  • Logging & retention policy
  • Bias & safety testing
  • Incident & escalation playbook
  • Hosting & assurance overview

How the 4-Week Sprint Works

Week 1 — Scope & Map
System inventory, stated purpose/out-of-scope, hosting posture.

Week 2 — Evidence
Logs, access, notices, HITL, change control, retention.

Week 3 — Findings
Bias/safety tests, transparency checks, gap analysis, remediation priorities.

Week 4 — Roadmap
Executive brief, 90-day plan, owners & timelines, re-test plan.

What You Receive

  • Audit Report — plain-English findings + technical appendix
  • Evidence Pack — redacted logs, tests, screenshots, SOPs
  • Framework Crosswalk — EU AI Act ↔ NIST ↔ GDPR ↔ ISO/IEC 42001
  • Board Roadmap — 90-day plan with owners & deadlines

Plans & Pricing

Clear options for different stages — from small business pilots to enterprise-scale assurance.

Foundation

$9,500

For small businesses or pilot projects. A starter audit that delivers credible evidence without the full 4-week program.

  • System mapping & inputs checklist
  • Light Evidence Pack (logs + configs)
  • Short executive summary (no full roadmap)
  • Single agent, one environment

Growth

$25,000

The full 4-Week Audit → Governance Sprint. Ideal for SMEs and regulated mid-market orgs that need a board-ready roadmap.

  • Audit Report with findings
  • Full Evidence Pack (logs, tests, SOPs)
  • Framework Crosswalk (EU ↔ NIST ↔ GDPR ↔ ISO)
  • Board Roadmap with 90-day plan

Enterprise

From $65,000+

For complex or regulated environments. Multi-agent, multi-region, or regulated data classes with enterprise assurance.

  • All Growth deliverables
  • Multi-agent / multi-region coverage
  • Regulated data class add-ons (e.g., PHI/PCI)
  • Oversight Pack integration + enterprise support

Why Mercury

  • Productized clarity: fixed deliverables, fixed timelines, fixed outcomes
  • Evidence-driven: artifacts designed for regulators and boards
  • Framework-aligned: EU AI Act · NIST AI RMF · GDPR · ISO/IEC 42001
  • Independent assurance: vetted hosting, structured oversight

FAQs

Do you certify compliance?
No. We provide defensible evidence and governance artifacts aligned to recognized frameworks. Legal counsel handles formal DPIAs/filings.

What pauses the 4-week clock?
Missing inputs (access, logs, policies). Once complete, the 20-day Sprint resumes.

Can we add more agents or regions?
Yes — use the Add-On Catalog or the Enterprise tier.

Need something specific?

See our Docs hub for Inputs, Evidence, Methods, and the sample SOW, or contact us for a quick scoping call.


