Our Method
The Kittora Governed Delivery Method
A structured approach to AI delivery, mapped directly to the NIST AI Risk Management Framework. Every phase produces tangible artefacts that procurement teams recognise and auditors expect.
Framework alignment
NIST AI Risk Management Framework (AI RMF 1.0)
Govern
NIST AI RMF: Govern
Establish accountability, policies, and risk appetite for AI systems.
Before building anything, we establish the governance foundations. This includes defining who owns AI decisions, what your organisation's risk appetite looks like, and the policies that will guide all AI work.
Typical duration: 2-4 weeks
Tangible Outputs
- AI Governance Charter
- RACI Matrix for AI Decisions
- Risk Appetite Statement
- AI Policy Framework
- Stakeholder Communication Plan
Map
NIST AI RMF: Map
Identify AI use cases, data flows, and risk boundaries.
We map the terrain: which AI use cases matter, what data flows are involved, where privacy and risk boundaries exist, and what the operational context looks like. This creates a clear picture before any build begins.
Typical duration: 2-3 weeks
Tangible Outputs
- AI Use Case Inventory
- Data Flow Diagrams
- Privacy Impact Assessments
- Third-Party AI Register
- Risk Boundary Documentation
Measure
NIST AI RMF: Measure
Quantify risks, define metrics, and establish baselines.
With the map in hand, we measure what matters. This means quantifying AI risks, defining success metrics, establishing baselines for performance and compliance, and creating the measurement infrastructure.
Typical duration: 2-3 weeks
Tangible Outputs
- AI Risk Register (Quantified)
- Performance Metrics Framework
- Compliance Baseline Assessment
- Monitoring Requirements
- Success Criteria Documentation
Manage
NIST AI RMF: Manage
Implement controls, monitoring, and continuous improvement.
Finally, we implement the controls, deploy the monitoring, and establish the improvement loops. This is where governance becomes operational — with approval gates, logging, alerting, and rollback capabilities.
Typical duration: Ongoing
Tangible Outputs
- Control Implementation
- Monitoring Dashboard
- Incident Response Playbook
- Continuous Improvement Plan
- Training & Enablement Materials
Why this approach
Governance built into delivery
Most AI projects fail not because of technology, but because of weak controls and unclear accountability. Our method addresses both problems by making governance a delivery prerequisite, not an afterthought.
Procurement-ready
Every output is designed to satisfy enterprise procurement requirements and due diligence processes.
Audit-friendly
Structured documentation and clear decision trails make audits straightforward.
Risk-proportionate
Controls scaled to actual risk levels — not over-engineered compliance theatre.