Colorado AI Act Jun 30, 2026
EU AI Act Aug 2, 2026
California ADMT 2026
Compliance Platform

The AI governance layer your compliance stack is missing

Continuous compliance monitoring for AI systems. ISO 42001 mapping, automated evidence generation, OSCAL export. Works alongside Vanta, Drata, and your existing GRC tools.

Request a demo

Positioning

You already use Vanta or Drata. They don’t cover AI.

You already run SOC 2 and ISO 27001 through Vanta or Drata. But AI governance is a different framework—ISO 42001 has its own controls, its own evidence requirements, and its own audit scope. GLACIS is the AI-specific layer that plugs into your existing compliance stack.

Not a replacement. An addition.

Platform capabilities

Built for AI compliance from the ground up

93 ISO 42001 controls across 10 Annex A domains

Full coverage of the AI management system standard with structured control mapping.

NIST AI RMF function mapping

Govern, Map, Measure, Manage—aligned to the AI Risk Management Framework.

Automated control population from attestation data

Controls populate automatically as evidence flows in. Less manual work, fewer gaps.

Multi-framework crosswalks

Map once, satisfy many. One control can cover ISO 42001, NIST AI RMF, and EU AI Act simultaneously.

OSCAL-compliant Evidence Pack export

Machine-readable evidence packs in NIST OSCAL format for auditors and downstream tools.

Certification wizard

Guided workflow from gap analysis to audit-ready documentation. Know exactly what’s left to do.

Multi-tenant architecture with RBAC

Tenant isolation with role-based access. Each business unit gets its own compliance scope.

Webhook ingestion and audit logging

Ingest events from any source. Every action is logged with an immutable audit trail.

Who this is for

Your compliance stack has a gap. We fill it.

  • GRC teams adding AI governance to their framework stack
  • AI vendors needing ISO 42001 compliance for enterprise sales
  • Health systems with AI governance committees
  • Anyone facing Colorado AI Act or EU AI Act deadlines

Pricing

$30–60K / year

Depending on org size and number of AI systems.

Typical onboarding: 4–8 weeks

Request a demo

FAQ

Common questions

How does this integrate with Vanta or Drata?
GLACIS handles the AI-specific governance controls that Vanta and Drata don’t cover. We complement your existing GRC stack rather than replace it. Export evidence in OSCAL format for unified reporting.
What frameworks are supported?
ISO 42001, NIST AI RMF, EU AI Act requirements, Colorado AI Act, HIPAA AI provisions, SOC 2 AI controls, and NIST 800-53 mappings. Multi-framework crosswalks let you satisfy multiple requirements simultaneously.
How long does onboarding take?
Typical onboarding is 4–8 weeks. We map your existing AI systems, configure controls, and establish baseline compliance posture.
Can we start with an assessment first?
Yes. Many clients begin with a Governance Assessment to establish their baseline, then transition to the platform for ongoing monitoring.
Do you support multi-tenant environments?
Yes. Full RBAC with tenant isolation. Each business unit or AI system can have its own compliance scope while rolling up to a unified organizational view.

Also from GLACIS

Compliance is one piece. Here’s the rest.

Assess

Know where you stand before the deadline hits

A structured governance assessment against ISO 42001 and NIST AI RMF, delivered in 3–4 weeks. The natural starting point before continuous compliance.

Book an assessment

Deploy

Ship AI without the risk. Keep data home.

A zero-egress proxy inside your VPC that runs configurable controls on every AI inference call and generates cryptographic evidence.

Talk to us about deployment