The method
In one quarter, a department moves from "we had no AI, or we introduced it and do not know what it does" to "AI operates this part and we can see it" — we build it or we put it in order, depending on where you start. This is, phase by phase, how we work and what you keep.
§ 01 · The scope
An organisation cannot transform itself entirely at once without breaking. You start with one department with a real and bounded process: the artificial intelligence that operates it is built or put in order, left AI-operable and visible, and only then extended. Ninety days is the time to prove it in one — not to promise it in all.
§ 02 · The four phases
We inventory what AI does today (or what it is intended to do) in that department: what data it touches, what systems it accesses, what it decides and who is accountable. We classify risk according to the EU AI Act.
A current-state map and a written risk classification — the first thing a regulator, or you, would ask for.
We describe data, processes and permissions in a structured way: machine-readable and human-understandable. We define what AI may do, what it may not, and how every step is recorded.
The operable documentation of the process and the launch of the AI management system — policy and risk register — conforming to ISO/IEC 42001.
The artificial intelligence — the one you already had, refined, or one we build — operates that process on the foundation above. In parallel, the trail remains: what it did, with what data, why — readable by you without being technical.
The process operated by AI with traceability, and the concrete way to see it — not "four stories in a meeting".
We consolidate the control evidence — statement of applicability, controls, incident register — so that the use of that AI is defensible before an auditor or a regulator. And we leave the plan for the next department.
The defensible dossier and an expansion roadmap.
§ 03 · What you receive
The artificial intelligence solution operating that process — built or adjusted by us — not a demo: it acts with traceability, and knows what data it may use and what it may not.
The operable documentation of the process — data, processes and permissions readable by machine and by person —: the foundation on which that AI operates.
Inventory and risk classification of your AI systems (EU AI Act).
The initial AI management system (AIMS) conforming to ISO/IEC 42001: policy, risk register, statement of applicability, controls.
The ability to see what AI does and the audit trail.
The roadmap for the next department.
§ 04 · The scope of the commitment
The commitment is concrete: one department that is AI-operable and visible, and a foundation that extends to the next. Not a generic productivity figure, not the entire company at once.
The actual pace depends on how ordered your data and processes are today — we will know that at the end of the diagnosis, and we will tell you plainly.
§ 05 · Next step
If this fits where you are today, the next step is not a hundred-page proposal. You tell us the department where you would start, what you have documented, and we tell you, precisely, how we would work and what we would leave you.
One quarter, one department, one foundation that is visible.