HomeWork

Proof of work, not pitch decks.

Anonymized case studies from real engagements in regulated environments. Every metric is from delivered work. Full sanitized peeks of the operating documents we ship below.

AI Tools & Applications · Life Sciences

8 AI Applications, 3 Phases, One Governance Framework

Designed and built a governed AI portfolio across executive intelligence, commercial operations, GRC, finance, competitive strategy, regulatory science, governance, and operations. Each application passed formal AI Council review before production deployment.

apps in production

100%

governance pass rate

business domains

Full

ownership transfer

Full ownership transfer included. All applications governed under a unified AI charter and risk tiering model.

AI Governance · Regulated Manufacturer

From Zero AI Governance to Executive Control Plane in 4 Weeks

Built the complete AI governance operating model (charter, ethos & principles, intake & discovery guardrails, risk tiering model, governance review checklist, and lifecycle management) into a single executive control plane shipped in four weeks.

4 wks

to executive sign-off

governance artifacts

retainers

Full

ownership transfer

Compliance & Audit · Life Sciences

Audit-Ready in 90 Days

Designed an evidence-as-operations model mapping controls to existing workflows. SOC 2 Type II and ISO 27001 alignment delivered in 90 days with no quarterly audit-prep fire drills going forward.

90d

to audit-ready

85%

evidence automated

quarterly fire drills

2 hrs

monthly review

Artifacts

What you actually get.

Sanitized peeks of the operating documents we ship. Not slide decks. Not policy PDFs that sit in a folder. Live artifacts wired into review cadences, build pipelines, and audit evidence collection.

Document

Artificial Intelligence Charterv2.1 · ratified

Prepared for: REGULATED LIFE-SCIENCES CO.

Artificial Intelligence Charter

Effective FY26 · Next review FY27 Q2

“To deploy artificial intelligence in direct service of patients, clinicians, and operators — with governance, evidence, and reversibility built in from day one.”

§1 · AI Council

Chief Executive (chair)
Chief Information Security Officer
General Counsel
Chief Medical Officer

§2 · Scope

All systems using ML / LLMs
All vendors marketing “AI”
Internal automation w/ inference

§3 · Risk Posture

Reversible by default
Human-in-loop for T2+
No PHI to public models

§4 · Approval Routes

T0 / T1 → IT Director
T2 → AI Council
T3+ → Exec Council

A.M.

CEO

D.K.

CISO

R.P.

Sanitized sample

Executive AI Charter

One page. Board-ratified. Defines mission, council composition, risk posture, and approval routes for every AI system you ship. Drafted to be signed, not filed.

GovernanceExecutiveSign-off

Reference

AI Risk Tier ReferencePipeline-tied · v3

Prepared for: REGULATED MANUFACTURER

Risk Tier Reference

Build-gate enforced · Updated each sprint

Tier

Posture

Example Use

Controls

Approver

Excluded

Spell-check, autocomplete

—

None

Limited

Internal search, summaries

Standard

IT Director

Moderate

Decision support, drafts

Enhanced

AI Council

High

Patient-facing, dx aid

Full + Mon.

Exec Council

Prohibited

Autonomous medical action

Veto

CISO + Legal

How to use

Every system that performs inference is tagged in the build pipeline with a tier. Tiers above T1 must produce the corresponding evidence packet before promotion to production. CI fails closed when missing.

Sanitized sample

AI Risk Tier Matrix

A four-tier reference that maps system risk to required controls, review depth, and approver. Wired to the build pipeline so deployment gates fail closed without it.

RiskPipeline-tiedOperational

Ledger

Operability Debt LedgerQ1 · sprint 4

Prepared for: REGULATED SERVICES CO.

Operability Debt Ledger

18 open items · threshold breach alerts on

Governance

MTTR 11d

Evidence

MTTR 16d

Lifecycle

MTTR 04d

Detection

MTTR 09d

Top open items

OPD-241Vendor SOC 2 expired · Acme Cloud12d

OPD-238Risk register stale (>90d) · Finance domain06d

OPD-235AI Council quorum missed · Q1 review21d

OPD-233Evidence pipeline replay failure · CC7.202d

Promotion gate2/3

Sanitized sample

Operability Debt Ledger

Tracks the gap between policy and production across four pillars. Promotion gates fail closed when debt exceeds threshold. The lever that turns governance from theatre into a shipping artifact.

BuildPromotion gatesIEEE

Map

Control MappingEvidence-as-Operations

Prepared for: LIFE-SCIENCES CO.

Evidence-as-Operations Map

47 mapped controls · 6 frameworks (excerpt)

Framework

Control

System of record

Cadence

Auto

SOC 2

CC6.1

Okta + IAM

Continuous

✓

SOC 2

CC7.2

SIEM

Continuous

✓

ISO 27001

A.8.16

EDR

Hourly

✓

ISO 27001

A.5.23

CSPM

Daily

✓

HIPAA

164.312

Audit log

Continuous

✓

GDPR

Art. 32

DLP review

Manual

○

39/47

Auto-collected

83%

Coverage

Q-end fire drills

Sanitized sample

Evidence-as-Operations Map

Maps SOC 2, ISO 27001, HIPAA, and GDPR controls to existing system workflows so audit evidence is collected as work happens. No quarterly fire drills.

ComplianceContinuousCross-framework

Want to see something specific?

Tell us the problem and we'll send a tailored sample artifact pack from comparable work.

Request samples