Solutions · Regulated AI

Govern the model, and keep a defensible release trail.

Governance-first private AI, mapped to the NIST AI RMF and ISO/IEC 42001. Separation of duties is enforced in the data layer — the approver can never be the trainer — and the evidence is produced by the pipeline as a model moves, not assembled after the fact. It is built so the model you ship is the model you can defend, months later, to a regulator who never trusted your dashboard.


2: Frameworks mapped · AI RMF · ISO 42001

SoD: Separation of duties enforced in the data layer

Ed25519: Passport seal · re-verify offline at /api/verify

0: Leakage on the hard probe suite

Framework mapping

The controls a framework asks for are properties of the record

The AI RMF organizes governance into four functions — Govern, Map, Measure, Manage. ISO/IEC 42001 asks for a management system around AI. LeanLogix does not paper over either with a policy document. Each function maps to a capability the studio already enforces on every build.

A control you can only describe is a control you cannot prove. Here the mapping is mechanical: the reviewer being independent of the trainer is a state on the record, the leakage score is a number the gate reads, and the lineage is what the signature covers.

This is a mapping to those frameworks, not a certification under them. The point is that the artifacts an auditor would ask for already exist by the time a model reaches a channel — they are not reconstructed after a request.

AI RMF function → LeanLogix capability

Govern → Separation-of-duties approval · reviewer ≠ trainer
Map → Model passport · base, method, dataset, lineage
Map → Dataset registration · PII-scanned, customer-data status
Measure → Hard-benchmark eval + PHI/PII/secrets leakage probes
Measure → Eval verdict gates dev → candidate → approved → production
Manage → Production monitoring · autoresearch improvement loop
Manage → Ed25519-signed release · re-verifiable without the dashboard

The governance gate

Four steps from a dataset to a sealed release

Promotion is not a button someone clicks at the end. It is a sequence of gates a build has to earn — and each gate leaves the evidence behind it on the record.

01 · Register the dataset

Every training set is registered, PII-scanned, and marked for customer-data status before a run can touch it. What goes in is recorded, not assumed.

02 · Train inside the boundary

The model is built from a reproducible recipe — base, method, hyperparameters — that runs inside your data boundary and is captured on the record as it happens.

03 · Score on hard probes

Each version is scored on a behavioral, safety, and leakage suite. The eval verdict — including zero-leakage on the hard suite — is the gate that decides whether the build can be promoted at all.

04 · Approve and seal

An independent reviewer who is not the trainer approves the release, and it is sealed with an Ed25519-signed passport. The signature, not a screenshot, is the proof.
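
One way to put the reviewer-is-not-the-trainer rule and the eval gate into the data layer itself, as an added example that is not LeanLogix's own code: SQLite CHECK constraints on a hypothetical `builds` table. The table, column and user names are assumptions, and the Ed25519 seal is left out.

```python
import sqlite3

# Hypothetical schema, constructed for illustration (not the vendor's own).
SCHEMA = """
CREATE TABLE builds (
    id           INTEGER PRIMARY KEY,
    trainer      TEXT NOT NULL,
    approver     TEXT,
    leakage_hits INTEGER,  -- NULL until the probe suite has run
    channel      TEXT NOT NULL DEFAULT 'dev'
        CHECK (channel IN ('dev', 'candidate', 'approved', 'production')),
    -- Separation of duties: approver is never the trainer, ignoring case.
    CHECK (approver IS NULL OR approver <> trainer COLLATE NOCASE),
    -- Gate: a CHECK passes on NULL, so IFNULL makes a missing eval fail closed.
    CHECK (channel IN ('dev', 'candidate')
           OR (approver IS NOT NULL AND IFNULL(leakage_hits, 1) = 0))
);
"""

def accepted(db, sql):
    """Run one statement; True if the data layer accepted it, False if a CHECK refused."""
    try:
        with db:  # commit on success, roll back on failure
            db.execute(sql)
        return True
    except sqlite3.IntegrityError:
        return False

def run_gate_demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    upd = "UPDATE builds SET {} WHERE id = 1"
    return {
        "register": accepted(db, "INSERT INTO builds (id, trainer) VALUES (1, 'alice')"),
        "promote_unreviewed": accepted(db, upd.format("channel = 'approved'")),
        "self_approval": accepted(db, upd.format("approver = 'Alice'")),
        "independent_reviewer": accepted(db, upd.format("approver = 'bob'")),
        "promote_before_eval": accepted(db, upd.format("channel = 'approved'")),
        "promote_leaky": accepted(db, upd.format("leakage_hits = 2, channel = 'approved'")),
        "promote_clean": accepted(db, upd.format("leakage_hits = 0, channel = 'approved'")),
        "swap_in_trainer": accepted(db, upd.format("approver = 'alice'")),
        "insert_into_prod": accepted(
            db, "INSERT INTO builds (id, trainer, channel) VALUES (2, 'carol', 'production')"),
    }

if __name__ == "__main__":
    for step, ok in run_gate_demo().items():
        print(f"{step:22} {'accepted' if ok else 'REFUSED'}")
```

Because the rules live in the table definition, they hold for any writer that reaches the database, including a direct insert that skips the application.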

Why it holds up

Governance that survives a question you cannot anticipate

The hard part of regulated AI is not the model. It is proving, after the fact, exactly what shipped and why it was allowed to. The studio closes that gap by construction rather than by paperwork.

Separation of duties

The approver is never the trainer. A release that has not cleared a reviewer independent of the build cannot enter the production channel — the constraint is enforced, not requested.

Evidence by construction

The passport is produced by the pipeline as the model moves, not assembled into a binder after a regulator asks. The record that drives the gate is the same record an auditor reads.

Defensible release trail

On approval, the release is sealed with an Ed25519 signature over its lineage, and an offline endpoint re-derives the passport and checks the signature. A regulator or customer can re-verify it later without trusting your dashboard, your word, or your uptime.

Framework-aligned

The mapping to the AI RMF and ISO/IEC 42001 is a property of the record, not a slide. The functions a framework names — Govern, Map, Measure, Manage — line up with capabilities the studio already runs.

LeanLogix maps its capabilities to the NIST AI RMF and ISO/IEC 42001 to make governance evidence concrete. This is a framework mapping for evaluation, not a claim of certification, accreditation, or deployed customer compliance.

Walk a model through the gate yourself

Open the studio and follow one build from a registered dataset to a signed passport — then look at the evidence model that makes the release trail re-verifiable.
