Demo · sample data, not for production use

B2B credit-line decisioning

Recommends credit limit and net terms for new B2B customers. CRM ingests recommendation; final approval by Treasury.

Tier 1 (high) · In review
Trust: 77 / 100

System card

Owner: Director, Treasury
Business unit: Finance / Treasury
Model: FICO · small-business-creditscore-v9
Vendor type: Commercial self-host
Approved: Not yet approved
Data inputs: business credit bureau, internal payment history, industry code

Trustworthy AI characteristics

Per NIST AI RMF §1.2.5 — 0=not addressed, 5=monitored

Risk inputs

Tier formula: impact × likelihood × (6 − reversibility). ≥ 50 → Tier 1, ≥ 18 → Tier 2, else Tier 3.

Impact
5 / 5

Severity if the system fails or is misused (1=trivial, 5=existential).

Likelihood
4 / 5

Probability of exposure given current usage cadence.

Reversibility
3 / 5

Ease of unwinding a bad output (5=fully reversible, 1=irreversible).

Required controls — 15 for Tier 1 (high)

Tier-aware control bundle from NIST AI RMF, mapped to ISO 42001 clauses

  • AI-GV-1.1 · GOVERN · AI policy approved by senior leadership

    A written AI use policy approved at the C-suite or board level, reviewed annually.

    ISO 42001: 5.2, 5.3

  • AI-GV-1.2 · GOVERN · AI risk owner assigned per use case

    Each registered use case has a named owner accountable for its risk posture.

    ISO 42001: 5.3

  • AI-GV-2.1 · GOVERN · AI training delivered to operators and stewards

    Personnel with AI responsibilities have completed role-appropriate training in the last 12 months.

    ISO 42001: 7.2, 7.3

  • AI-GV-3.1 · GOVERN · Pre-deployment review board approves Tier 1 systems

    Tier 1 systems require AI Review Board sign-off before going live; minutes retained.

    ISO 42001: 8.2, 8.3

  • AI-MP-1.1 · MAP · Use-case registered with intended purpose and stakeholders

    Registry entry includes purpose, business owner, affected stakeholder groups, and data inputs.

    ISO 42001: 6.1.2, 8.2

  • AI-MP-2.1 · MAP · Impact assessment documented

    Documented assessment of impact on individuals, groups, and the organization, including foreseeable misuse.

    ISO 42001: 6.1.4

  • AI-MP-3.1 · MAP · Data lineage and provenance recorded

    Source datasets, licensing, collection method, and known biases of training/grounding data are documented.

    ISO 42001: 7.5, 8.1

  • AI-MS-1.1 · MEASURE · Validity and reliability metrics defined and tracked

    Documented accuracy / quality metrics with thresholds, monitored on a published cadence.

    ISO 42001: 9.1

  • AI-MS-2.1 · MEASURE · Bias and fairness testing across protected groups

    Disparate-impact testing across protected attributes performed prior to deployment and on a recurring basis.

    ISO 42001: 6.1.4, 9.1

  • AI-MS-3.1 · MEASURE · Adversarial robustness testing

    Red-team or adversarial evaluation against documented threat model; findings tracked.

    ISO 42001: 8.2

  • AI-MS-4.1 · MEASURE · Privacy and data-protection review completed

    DPIA or equivalent privacy review covering training data and prompts; signed off by privacy lead.

    ISO 42001: 6.1.4, 8.2

  • AI-MG-1.1 · MANAGE · Human override and contestability path

    Affected individuals can contest an AI-driven decision; documented escalation path.

    ISO 42001: 8.2, 10.2

  • AI-MG-2.1 · MANAGE · Production monitoring and drift detection

    Operational telemetry on input distribution, output rates, and quality metrics with alert thresholds.

    ISO 42001: 9.1

  • AI-MG-3.1 · MANAGE · Incident response runbook for AI failures

    Documented procedure for hallucination, bias, leak, or downtime incidents; rehearsed annually.

    ISO 42001: 10.2

  • AI-MG-4.1 · MANAGE · Decommissioning and rollback plan

    Plan to disable, replace, or roll back the system; data retention/deletion specified.

    ISO 42001: 8.2

Per-characteristic detail

Trustworthy AI rubric scored 0-5 per axis

  • Valid & Reliable

    Accurate against ground truth and reliable across the operating envelope.

    4 / 5
  • Safe

    Will not endanger life, health, property, or environment under foreseeable use.

    4 / 5
  • Secure & Resilient

    Resists adversarial inputs, model extraction, and degrades gracefully.

    4 / 5
  • Accountable & Transparent

    Clear ownership; decisions can be reviewed and contested.

    4 / 5
  • Explainable & Interpretable

    Affected parties can understand how a decision was reached.

    3 / 5
  • Privacy-Enhanced

    Personal data minimized, protected, and processed lawfully.

    5 / 5
  • Fair (bias managed)

    Disparate impact tested and mitigated across protected groups.

    3 / 5