GLACIS logo GLACIS
Colorado AI Act Jun 30, 2026 | EU AI Act Aug 2, 2026 | California ADMT 2026
Continuous Verification & Compliance

Continuous AI governance, backed by independent verification

GLACIS Comply turns runtime attestation receipts into continuous governance across ISO 42001, NIST AI RMF, EU AI Act, and audit export workflows. It fits beside Vanta, Drata, and your existing GRC stack.

Request a demo

Positioning

Vanta and Drata document controls. GLACIS verifies AI controls ran.

You already run SOC 2 and ISO 27001 through Vanta or Drata. GLACIS adds the AI-specific verification layer: runtime receipts, framework mapping, and exportable evidence that your controls executed—not just that they were documented.

Not a replacement. An addition.

Platform capabilities

Built for AI compliance from the ground up

ISO 42001 Annex A reference controls

Full coverage of the AI management system standard’s control domains with structured mapping.

NIST AI RMF function mapping

Govern, Map, Measure, Manage—aligned to the AI Risk Management Framework.

Automated control population from attestation receipts

Controls populate automatically as evidence flows in. Less manual work, fewer gaps.

Multi-framework crosswalks

Map once, satisfy many. One control can cover ISO 42001, NIST AI RMF, and EU AI Act simultaneously.

OSCAL-compatible Evidence Pack export

Machine-readable evidence packs in NIST OSCAL format for auditors and downstream tools.

Certification wizard

Guided workflow from gap analysis to audit-ready documentation. Know exactly what’s left to do.

Multi-tenant architecture with RBAC

Tenant isolation with role-based access. Each business unit gets its own compliance scope.

Webhook ingestion and audit logging

Ingest events from any source. Every action is logged with an immutable audit trail.

Who this is for

Your compliance stack has a gap. We fill it.

  • GRC teams adding AI governance to their framework stack
  • AI vendors needing ISO 42001 compliance for enterprise sales
  • Health systems with AI governance committees
  • Anyone facing Colorado AI Act or EU AI Act deadlines

Pricing

$30–60K / year

Depending on org size and number of AI systems.

Typical onboarding: 4–8 weeks

Request a demo

FAQ

Common questions

How does this integrate with Vanta or Drata?
GLACIS handles the AI-specific governance controls that Vanta and Drata don’t cover. We complement your existing GRC stack rather than replace it. Export evidence in OSCAL format for unified reporting.
What frameworks are supported?
ISO 42001, NIST AI RMF, EU AI Act requirements, Colorado AI Act, HIPAA privacy/security requirements relevant to AI deployments, SOC 2 AI controls, and NIST 800-53 mappings. Multi-framework crosswalks let you satisfy multiple requirements simultaneously.
How long does onboarding take?
Typical onboarding is 4–8 weeks. We map your existing AI systems, configure controls, and establish baseline compliance posture.
Can we start with an assessment first?
Yes. Many clients begin with a Governance Assessment to establish their baseline, then transition to the platform for ongoing monitoring.
Do you support multi-tenant environments?
Yes. Full RBAC with tenant isolation. Each business unit or AI system can have its own compliance scope while rolling up to a unified organizational view.

Also from GLACIS

Compliance is one surface. Here’s the rest of the stack.

Assess

Know where you stand before the deadline hits

A structured governance assessment against ISO 42001 and NIST AI RMF, delivered in 3–4 weeks. The natural starting point before continuous compliance.

Book an assessment

Deploy

Ship AI without the risk. Keep data home.

A zero-egress proxy inside your VPC that runs configurable controls on every AI inference call and generates cryptographic evidence.

Talk to us about deployment