Atlas Logic Trust Center

AI Governance & Responsible Use

Atlas Logic is an AI-native GRC platform. Our AI features run on Grok models (grok-4-mini base) hosted in Microsoft Azure AI Foundry, under Microsoft’s enterprise data-protection commitments. We govern all AI systems through documented policies, human-in-the-loop controls, and contractual restrictions on model training. Our program aligns with ISO 42001:2023 and the EU AI Act (August 2026 enforcement deadline).

Azure AI Foundry — grok-4-mini · ISO 42001 roadmap · EU AI Act alignment · OWASP LLM Top 10 · Human-in-the-loop · AI risk register

EU AI Act — August 2026 enforcement

Atlas Logic’s compliance-automation platform is classified as Limited Risk under the EU AI Act (not a high-risk system per Annex III). We maintain transparency obligations for AI-generated compliance narratives and audit summaries. ISO 42001:2023 certification is targeted for Q4 2027 as our primary AI governance attestation.

Human-in-the-Loop Controls

  • All AI-generated compliance narratives are reviewed before being published as evidence.
  • Agentic workflows require human approval for any action that modifies customer compliance data.
  • AI risk assessments are flagged for human review above a configurable confidence threshold.
  • No AI system makes final pass/fail determinations on certification controls without human sign-off.

Data Handling

  • Customer evidence content is never used to train foundation models — contractually enforced under Microsoft’s enterprise data-protection commitments.
  • AI processing occurs within Azure AI Foundry; prompts and completions are not used to train base models.
  • AI inference is tenant-isolated — no cross-customer data leakage in prompts or context.
  • All AI provider calls are logged with a SHA-256 hash-chained audit trail in Azure Log Analytics.

Security Controls (OWASP LLM Top 10)

  • Prompt-injection protection: user inputs are sanitized before AI prompts are constructed.
  • Output validation: AI responses are parsed and validated before rendering to users.
  • Privilege minimization: AI agents run with least-privilege scopes — no write access without explicit user action.
  • Insecure-plugin prevention: all AI tool integrations are reviewed and allowlisted before deployment.

Transparency & Explainability

  • AI-generated content is labeled in the product — users always know when output is AI-assisted.
  • Confidence scores and evidence citations accompany all AI compliance assessments.
  • Customers can request a human review of any AI-generated compliance determination.
  • ISO 42001 gap analysis is underway — certification targeted Q4 2027.

Active AI providers

AI provider routing & data agreements

Hosted inference — Azure AI Foundry
Microsoft Azure AI Foundry
grok-4-mini (base model)
Active
AI audit narratives, control gap analysis, evidence classification, policy drafting, and risk generation.
Processed within Azure AI Foundry under Microsoft’s enterprise data-protection commitments · transfers covered by SCCs / DPF · customer data contractually prohibited from training foundation models.