Discovers AI Systems
Identifies all AI systems in your organization through conversational discovery. Captures:
- System names and purposes
- Risk tiers (high/medium/low)
- Data access patterns
- User exposure levels
Certification Wizard
The Certification Wizard is GLACIS’s AI-powered intelligent assistant that guides you through ISO 42001 compliance setup. In approximately 20 minutes, the wizard conducts a conversational interview to discover your AI systems, assess compliance gaps, and generate foundational compliance artifacts.
What the Wizard Does
Assesses Compliance Gaps
Analyzes your current state against ISO 42001 requirements:
- Identifies missing controls
- Prioritizes remediation
- Suggests implementation approaches
- Estimates effort levels
Generates Artifacts
Automatically creates foundational documents:
- AI system registry
- Impact assessments
- Policy templates
- Control implementations
Maps Evidence
Links your responses to specific controls:
- Auto-populates evidence
- Sets initial control status
- Assigns ownership recommendations
- Creates audit trail
How It Works
The wizard uses Claude AI to conduct an intelligent, context-aware interview:
┌─────────────────────────────────────────────────────────────┐│ Certification Wizard Flow │├─────────────────────────────────────────────────────────────┤│ ││ Stage 1: Welcome ││ └─ Introduction, scope confirmation ││ ││ Stage 2: AI Systems Discovery ││ └─ Identify all AI systems, purposes, risks ││ ││ Stage 3: Organizational Context ││ └─ Governance structure, roles, processes ││ ││ Stage 4: Framework Selection ││ └─ ISO 42001, EU AI Act, SOC 2, etc. ││ ││ Stage 5: Completion ││ └─ Generate artifacts, present recommendations ││ │└─────────────────────────────────────────────────────────────┘Starting the Wizard
-
Navigate to the Dashboard
Log into the GLACIS Dashboard and select your organization.
-
Launch the Wizard
Click “Start Certification Wizard” on the home page or navigate to Settings → Certification Wizard.
-
Begin the Interview
The wizard will greet you and ask about your AI compliance goals. Answer naturally — it understands context and follow-up questions.
-
Complete All Stages
Progress through all 5 stages. The wizard tracks your progress and allows you to pause and resume.
-
Review Generated Artifacts
Once complete, review the generated:
- AI system registry entries
- Impact assessments
- Gap analysis report
- Recommended policies
Interview Examples
AI Systems Discovery
Wizard: “Let’s start by understanding your AI systems. Can you tell me about the AI or machine learning systems your organization uses? This includes any systems that make predictions, generate content, or automate decisions.”
You: “We have three main AI systems. First is a customer support chatbot using GPT-4 that handles about 10,000 conversations per month. Second is a fraud detection model that flags suspicious transactions. Third is a recommendation engine for our e-commerce platform.”
Wizard: “Great, I’ve identified three AI systems. Let me ask about each one:
For the customer support chatbot:
- What types of data does it access? (customer names, account info, etc.)
- Does it make any decisions that affect customers, or just provide information?
- How many users interact with it daily?”
Risk Assessment
Wizard: “Based on what you’ve shared, I’m assessing the fraud detection model as high risk because:
- It makes automated decisions affecting customers
- False positives could block legitimate transactions
- It processes financial data
Do you have any human oversight in the fraud detection process?”
You: “Yes, any flagged transaction over $500 is reviewed by a human analyst before action is taken.”
Wizard: “That’s excellent — human-in-the-loop oversight is a key ISO 42001 control (A.9.3). I’ll note this as implemented for your fraud detection system.”
Generated Artifacts
After completing the wizard, you’ll receive:
1. AI System Registry
A complete inventory of your AI systems mapped to ISO 42001 requirements:
# Example: Generated AI System Entryai_systems: - id: sys_chatbot_001 name: Customer Support Chatbot description: GPT-4 powered chatbot for customer inquiries risk_tier: medium status: production data_access: - customer_names - account_numbers - conversation_history decision_types: - informational_responses human_oversight: optional monthly_interactions: 10000 controls_mapped: - A.4.1 # AI system identification - A.4.4 # AI system inventory - A.9.4 # User monitoring2. Impact Assessments
Risk assessments for each AI system:
| System | Risk Tier | Data Sensitivity | User Impact | Recommended Controls |
|---|---|---|---|---|
| Chatbot | Medium | PII (names, accounts) | Low | A.6.2.6, A.9.3 |
| Fraud Detection | High | Financial | High | A.5.12, A.6.2.8, A.9.3 |
| Recommendations | Low | Behavioral | Low | A.6.2.6 |
3. Gap Analysis Report
Prioritized list of compliance gaps:
┌─────────────────────────────────────────────────────────────┐│ Gap Analysis Summary │├─────────────────────────────────────────────────────────────┤│ Overall Compliance: 34% ││ ││ Critical Gaps (High Priority): ││ • A.5.12 - Impact assessment process (Not Started) ││ • A.2.1 - AI governance policy (Not Started) ││ ││ Important Gaps (Medium Priority): ││ • A.6.2.8 - Performance monitoring (In Progress) ││ • A.8.4 - Incident response (Not Started) ││ ││ Minor Gaps (Low Priority): ││ • A.10.2 - Vendor assessments (Partially Implemented) │└─────────────────────────────────────────────────────────────┘4. Policy Templates
Draft policies ready for customization:
- AI Governance Policy (A.2.1)
- AI System Development Policy (A.6.1)
- AI Incident Response Policy (A.8.4)
- Third-Party AI Management Policy (A.10.1)
Wizard Security
The Certification Wizard includes multiple security protections:
| Protection | Description |
|---|---|
| Rate Limiting | 10 requests/minute per organization |
| Input Validation | 2,000 character limit per message |
| History Limit | 30-message conversation limit |
| State Integrity | HMAC-SHA256 signatures on conversation state |
| Prompt Injection Detection | 11+ suspicious patterns blocked |
| Output Validation | Zod schema validation on all AI responses |
Best Practices
Before Starting
- Gather information: Know your AI systems, their purposes, and data access
- Identify stakeholders: Know who owns AI governance in your organization
- Set time aside: Plan for 20-30 minutes of focused time
- Have documentation ready: Any existing AI policies or assessments
During the Interview
- Be specific: Detailed answers produce better artifacts
- Ask questions: The wizard can clarify ISO 42001 requirements
- Correct mistakes: If the wizard misunderstands, clarify immediately
- Don’t rush: Thoughtful answers improve output quality
After Completion
- Review all artifacts: Check generated content for accuracy
- Customize policies: Adapt templates to your organization’s voice
- Assign ownership: Designate control owners for each gap
- Plan remediation: Create timelines for addressing gaps
Milestones
Track your wizard progress through the Milestones API:
// Get wizard milestonesconst response = await fetch('/api/v1/wizard/milestones', { headers: { 'Authorization': 'Bearer ' + apiKey }});
const milestones = await response.json();// {// stages: {// welcome: 'completed',// ai_systems: 'completed',// org_context: 'in_progress',// frameworks: 'pending',// complete: 'pending'// },// progress: 45,// aiSystemsDiscovered: 3,// gapsIdentified: 12// }Next Steps
AI Interview Deep Dive Learn about the interview flow and question patterns.
Generated Artifacts Understand what the wizard creates and how to use it.
Best Practices Tips for getting the most out of the wizard.