OISG Adequacy Test

Evaluate your AI system against the four OISG pillars. Each pillar has 5 criteria scored 0–5, for a total score of 0–100.

Organisation details

This information will appear on the downloadable assessment certificate.

O — Is it Open?

Model documentation (capabilities, limitations, provenance) is available to independent auditors
Governance infrastructure (policy engines, decision logic) is open and auditable
Communication protocols use open standards (MCP, OpenTelemetry, A2A)
Open projects have community stewardship (contribution process, security disclosure, governance)
Model provenance and training methodology are documented and reproducible
I — Is it Intelligent (governably)?

Model capabilities are measured with benchmark results, known failure modes, and confidence calibration
Infrastructure supports sovereign execution (on-premise, private cloud, air-gapped) where required
RAG pipelines are traceable (document version, embedding model, retrieval path)
Agent autonomy scope is explicit, machine-readable, and enforced at runtime
System can produce on demand a complete explanation of why it gave a specific response
S — Is it Secure?

Bidirectional injection defence operates on both request and response paths
Agent identities are cryptographically verifiable (DIDs, Ed25519 key pairs)
Transactional kill switch preserves forensic state and enables rollback
PII redaction is enforced at infrastructure level before model endpoints
Model supply chain integrity is verified (fingerprinting, SBOM, cryptographic provenance)
G — Is it Governed?

Compliance is verified automatically at runtime, not through periodic audits
Immutable forensic log (hash-chained) records all interactions and decisions
Human oversight is architecturally defined (which decisions, what info, what timeout)
End-to-end observability is in place (distributed tracing, SLOs, dashboards)
Risk classification is proportional, automated, and auditable as capabilities evolve
0
/ 100
Critical gaps