Framework Builder
The Framework Builder generates a complete, customized AI governance framework for your organization through a guided 5-step wizard.
Overview
Most organizations know they need AI governance but struggle with where to start. The Framework Builder walks you through a structured intake process and produces a comprehensive governance framework tailored to your industry, size, regulatory exposure, and AI maturity level.
WARNING
The Framework Builder requires a Business+ tier subscription. It is not available on Free or Starter plans.
The 5-Step Wizard
Step 1: Select Industry Archetype
Choose the industry archetype that best describes your organization:
| Archetype | Description |
|---|---|
| Healthcare | Hospitals, clinics, health tech, pharma, medical devices |
| Financial Services | Banking, insurance, wealth management, fintech |
| SaaS | Software-as-a-service, cloud platforms, developer tools |
| Government | Federal, state, local government agencies |
| Manufacturing | Industrial, automotive, supply chain, logistics |
| Education | K-12, higher education, ed-tech |
| Retail | E-commerce, brick-and-mortar, consumer goods |
| Legal | Law firms, legal tech, compliance services |
| Consulting | Professional services, advisory, managed services |
Your industry archetype determines which regulatory requirements are emphasized, which risk scenarios are highlighted, and which governance patterns are recommended.
Step 2: Organization Size
Select the size category that fits your organization:
| Size | Typical Characteristics |
|---|---|
| Startup | Under 50 employees, early-stage, limited compliance infrastructure |
| SMB | 50-250 employees, growing compliance needs |
| Mid-Market | 250-2,000 employees, formal compliance programs |
| Enterprise | 2,000+ employees, mature compliance, multiple business units |
Organization size affects the recommended governance structure, approval chain complexity, and resource allocation guidance.
Step 3: Regulatory Exposure
Multi-select the compliance frameworks that apply to your organization:
- HIPAA
- SOC 2
- GDPR
- FINRA + SOX
- EU AI Act
- NIST AI RMF
Select all that apply. The framework will incorporate requirements from each selected regulation and map them to specific governance recommendations.
Step 4: AI Maturity Assessment
Assess your organization's current AI maturity:
| Level | Description |
|---|---|
| Exploratory | Evaluating AI use cases, no production deployments |
| Experimenting | Running pilots or proof-of-concepts, limited production use |
| Operational | AI in production for one or more workflows, active governance needed |
| Autonomous | AI operating with significant autonomy, advanced governance required |
Your maturity level determines the complexity and immediacy of recommendations. Exploratory organizations receive foundational guidance, while Autonomous organizations receive advanced governance patterns.
Step 5: Review and Generate
Review all your selections, then click Generate Framework. The AI analyzes your inputs and produces the complete framework document.
Framework Output
The generated framework includes the following sections:
Executive Summary
A concise overview of your governance needs, key risks, and recommended approach. Written for leadership audiences.
Roles and Responsibilities Matrix
Defines who is responsible for each aspect of AI governance:
- AI governance lead
- Policy administrators
- Escrow reviewers
- Compliance liaisons
- Incident responders
Decision Authority Matrix
Maps decision types to authority levels:
- What decisions agents can make autonomously
- What requires human review
- What requires multi-level approval
- What is prohibited
Change Management Process
Defines how governance changes (new policies, tier adjustments, agent onboarding) are proposed, reviewed, approved, and deployed.
Accountability Cadence
Recommends a regular review schedule:
- Daily: Escrow queue review, violation triage
- Weekly: Governance metrics review, policy effectiveness assessment
- Monthly: Compliance pack review, agent audit
- Quarterly: Framework review, maturity reassessment
Checkpoints
Defines governance checkpoints at critical stages of the AI lifecycle -- model selection, training, deployment, monitoring, and decommissioning.
Recommended Policies
Specific CHAM policy recommendations based on your industry, size, regulatory exposure, and maturity. Each recommendation can be applied directly from the framework output.
AI-Powered "Why" Narratives
Every recommendation in the generated framework includes an AI-written explanation of why it applies to your specific organization. These are not generic descriptions -- they reference your industry, size, regulatory requirements, and maturity level to explain the reasoning.
For example, instead of:
"Implement a confidence floor policy."
You would see:
"As a mid-market healthcare organization subject to HIPAA and currently at the Operational AI maturity level, a confidence floor of 0.85 is recommended for all actions involving PHI. This threshold balances operational efficiency with the HIPAA Security Rule's requirement for reasonable safeguards. At your maturity level, your agents are reliable enough to clear most actions autonomously, but PHI-related actions warrant additional caution."
TIP
The "why" narratives are particularly valuable for communicating governance decisions to leadership and compliance teams. They provide the business justification alongside the technical recommendation.
Related Features
- Compliance Packs -- Apply the policies recommended by the framework
- Governance Policies -- Manually create policies recommended in the output
- Tier Mapping -- Configure tier assignments from the decision authority matrix