Scrydon
Compliance

AIUC-1

AI Use-Case attestations — a streamlined framework for enterprise AI procurement, mapped to Scrydon's controls.

AIUC-1 is a use-case-level attestation framework designed for enterprise AI procurement. It complements ISO/IEC 42001 with concrete, evidence-driven attestations that line up with what AI procurement teams typically ask for.

This page maps Scrydon's controls to AIUC-1 attestations.

How AIUC-1 fits

AIUC-1 is use-case-scoped, not platform-scoped. Each AI use-case (a deployed workflow, an agent, an automation) gets its own attestation pack. The platform supports this by treating each workflow / automation as the unit of attestation.

Attestation areas

Purpose and scope

  • Documented purpose, intended users, intended outputs.
  • In-scope and out-of-scope use-cases.
  • Lifecycle stage (pilot, beta, production, deprecated).

Captured per workflow in the AI system inventory.

Data inputs

  • Data sources, types, provenance.
  • Personal data, special categories.
  • Data quality controls.

Captured per workflow via the integration list, the knowledge bases referenced, and the managed tables read.

Model details

  • Model identifier, provider, version.
  • Deployment mode (cloud, self-hosted).
  • Capability surface (tool use, vision, structured output).

The integration registry exposes this per workflow. See Vendors.

Risk and mitigations

  • Identified risks (hallucination, bias, leakage, prompt injection).
  • Mitigations (guardrails, evaluator gates, document clearance).

Captured per workflow's risk assessment.

Human oversight

  • Approval gates, override mechanisms, escalation paths.
  • Confirmation defaults for AI actions.

Captured in workflow design (confirmation steps, evaluator branches).

Monitoring and metrics

  • Performance metrics tracked.
  • Drift detection.
  • Incident response procedure.

Captured per workflow's monitoring profile.

Security and privacy

  • Authorisation model.
  • Audit posture.
  • Retention.

See Security for the controls that satisfy this section.

Decommissioning

  • Trigger conditions.
  • Data disposition.
  • Stakeholder notification.

Captured in the workflow's lifecycle record.

Evidence collection

AIUC-1's attestations are evidence-driven. Scrydon produces evidence automatically:

  • Audit log events → security + access attestations.
  • Workflow run logs → monitoring attestations.
  • Evaluator scores → quality attestations.
  • Integration registry snapshots → model + data input attestations.

All of these are exportable for inclusion in your AIUC-1 evidence pack.

  • AI governance — lifecycle artefacts AIUC-1 expects.
  • ISO 42001 — the international management-system baseline AIUC-1 sits on top of.
  • EU AI Act — overlapping regulatory framework.
On this page

On this page

How AIUC-1 fitsAttestation areasPurpose and scopeData inputsModel detailsRisk and mitigationsHuman oversightMonitoring and metricsSecurity and privacyDecommissioningEvidence collectionRelated
Edit on GitHubCreate documentation issue