.html Interactive Tool ✓ Professional Edition Updated Q2 2026

AI Risk Treatment Tracker Tool

Turn identified AI risks into tracked, approved treatment actions. Seven ISO 31000 treatment options, four-tier authority band routing, SLA enforcement with overdue alerts, approval evidence capture, and branded PDF governance reports. Import risks directly from the companion Risk Register with one click. Zero install, zero subscription, zero telemetry.

6 Tabs · 4 PDF Reports · 5 Frameworks · 0 Install Required
ISO 42001:2023 ISO 31000:2018 ISO 23894:2023 NIST AI RMF 1.0 EU AI Act 2024
What This Capability Typically Costs

GRC platforms bundle risk, compliance, audit, and vendor management under annual subscriptions that often require professional services, onboarding, and team training before your organization sees full value. This tool is a fit-for-purpose program enhancement. It covers one specific workflow, works immediately in your browser, and doesn’t require committing to a technology platform just to access the capability you need.

GRC Platform Pricing
Entry-level (Sprinto, Vanta): $5,000 – $15,000/yr
Mid-market (Hyperproof, ZenGRC): $12,000 – $72,000/yr
Enterprise (LogicGate, Archer): $25,000 – $150,000+/yr
Recurring: $5,000+/yr
vs
This tool
One-time purchase: $150.00
Renewal: None. Yours forever
Authority routing + PDF: Included
Framework mapping: Included
One-time: $150.00
$4,850+ first-year savings vs. $5,000+/yr entry-level GRC platform. Own it forever.
Platform pricing based on published 2026 rates from Sprinto, Vanta, Hyperproof, ZenGRC, and LogicGate.
$150.00
One-time purchase · Instant download
  • Single .html file. Runs in any browser, no install, no subscription
  • 6 tabs: Dashboard, Treatment Register, Authority Approval, Action Plans, Export, Purpose & Context
  • 7 ISO 31000 treatment options with 4-tier authority band routing and SLA enforcement
  • 4 PDF report types: Full Register, Executive Summary, Overdue Treatments, Authority Matrix
  • Auto-saves to browser localStorage. Your data never leaves your machine
  • Import directly from AI Risk Register Tool JSON export. Also export JSON, CSV, PDF.
.html Zero Install ISO 42001 ISO 31000 NIST AI RMF ✦ v1.0
How It Works
Download. Open. Track.
1. Download: Single .html file arrives instantly after purchase
2. Open in Browser: Double-click the file or drag into Chrome, Edge, Firefox
3. Import Risks: Import from Risk Register JSON or add treatments manually
4. Track & Approve: Route to authority, capture approvals, monitor SLAs, export PDF

No server, no login, no subscription. Your data auto-saves to your browser. Export anytime as JSON backup, CSV for spreadsheets, or branded PDF governance reports for audit evidence.

Overview
What this tool does

Identifying AI risks is only half the job. The other half, tracking treatment actions, routing approvals through the correct authority tier, enforcing SLA deadlines, and capturing evidence that decisions were made by authorized personnel, is where most teams fall apart. Spreadsheets have no approval workflow. SaaS GRC platforms cost $15K–$100K/year and send your data to third-party servers.

This tool closes the loop between risk identification and risk treatment. Seven ISO 31000 treatment options (avoid, reduce, transfer, share, retain, exploit, enhance) with four authority band tiers (operational, tactical, strategic, board). Automated SLA tracking with overdue alerts. Formal approval evidence capture with timestamp, authority name, and rationale. Action plan decomposition linking treatments to specific implementation steps with owners and deadlines.

Import risks directly from the companion AI Risk Register Tool via one-click JSON import. No copy-pasting between tools. The entire treatment lifecycle stays in a single file you own outright.

What’s Inside
6 Tabs · Interactive Application
Dashboard: Real-time treatment portfolio overview. KPI cards showing total treatments, overdue count, approval completion rate, and average time-to-close. Treatment distribution by option type and authority band. SLA compliance chart tracking on-time vs. overdue actions. Clickable severity bands linking directly to filtered register views.
Live Metrics · SLA Tracking

Treatment Register: Full CRUD interface for treatment actions. Each record captures: risk ID (linked from Risk Register import), treatment option (7 ISO 31000 options), responsible owner, authority band (auto-routed by residual severity), target date, SLA status (auto-calculated), implementation status, residual score, review schedule, and evidence attachments. Sortable, filterable, with overdue highlighting.
ISO 31000 Cl. 6.5 · NIST MANAGE 4.1

Authority Approval: Four-tier authority band routing based on residual risk severity. Operational (low risks, team lead approval), Tactical (medium, department head), Strategic (high, executive/CISO), Board (critical, board-level sign-off). Each approval captures: approver name, role, timestamp, rationale, and conditions. Separate audit-facing view showing the complete approval chain per treatment.
ISO 42001 Cl. 5.1 · ISO 23894 Cl. 6.4

Action Plans: Decompose each treatment into implementation action steps. Each action captures: description, owner, start date, target date, status, dependencies, and completion evidence. Tracks progress at the sub-task level so you can see exactly where a treatment is stalled. Gantt-style timeline view for active treatments.
ISO 42001 A.5.4 · NIST MANAGE 2.1

Export: Full data management: JSON export/import (with backup-before-import safety), CSV export for spreadsheets, 4 branded PDF report types via jsPDF, auto-export to folder (File System Access API), storage size indicator, and “Import Risk Register JSON” button for one-click cross-tool data flow from the companion Risk Register.
JSON · CSV · PDF

Purpose & Context: First-open onboarding with guided tour wizard (skippable). Explains the tool purpose, regulatory context (ISO 42001, ISO 31000, ISO 23894, EU AI Act, NIST AI RMF), the authority band model, and step-by-step quickstart. Includes framework citations with source references.
Onboarding · Framework Context
Audience
Who uses this tool
📋
AI Risk Manager
Primary operator. Imports risks, assigns treatment options, routes to correct authority band, tracks SLA deadlines, captures approval evidence, and generates PDF governance reports.
🔐
CISO / AI Officer
Reviews strategic and board-tier treatment decisions. Uses the Authority Approval tab to sign off on high/critical risk treatments. Monitors overdue actions via the dashboard.
🔧
Treatment Owner
Implements assigned treatment actions. Updates action plan progress, marks steps complete, and provides implementation evidence for the approval chain.
🔍
Internal Auditor
Uses PDF reports as primary audit evidence. Verifies approval authority compliance, SLA adherence, treatment option appropriateness, and evidence completeness through export system.
Framework Alignment
Standards coverage
ISO/IEC 42001:2023
Fulfills A.5.4 risk treatment planning and Cl. 6.1.2 actions to address risks. Authority band model supports Cl. 5.1 leadership commitment evidence.
A.5.4 · Cl. 6.1.2 · Cl. 5.1 · Cl. 7.5

ISO 31000:2018
Seven treatment options directly from Cl. 6.5. Monitoring and review per Cl. 6.6. Risk communication aligned to Cl. 6.2. Complete treatment lifecycle coverage.
Cl. 6.5 · Cl. 6.6 · Cl. 6.2

ISO/IEC 23894:2023
AI-specific risk treatment guidance. Authority model supports Cl. 6.4 criteria for AI risk decisions. Treatment tracking satisfies Cl. 6.5 AI risk treatment planning.
Cl. 6.4 · Cl. 6.5 · Cl. 6.6

NIST AI RMF 1.0
Treatment actions map to MANAGE function. Dashboard tracks MEASURE outcomes. Action plans satisfy MANAGE 2.1 resource allocation. SLA tracking supports MANAGE 4.1.
MANAGE 2.1 · MANAGE 4.1 · MEASURE 2.1

EU AI Act 2024
Treatment tracking satisfies Art. 9 risk management system requirements for high-risk AI. Approval evidence demonstrates Art. 17 quality management system implementation. Action plans support Art. 61 post-market monitoring obligations.
Art. 9 · Art. 17 · Art. 61
Value Proposition
Why not a spreadsheet or SaaS platform?
✓ This Tool
4-tier authority routing with formal approval capture. No manual escalation tracking.
Automated SLA enforcement with overdue alerts. No formula maintenance.
Data stays on your machine. No third-party servers, no telemetry.
One-time $150. No subscription, no per-seat fees, no annual renewal.
Direct import from Risk Register. One-click cross-tool data flow.
Works offline. Branded PDF reports ready for auditors.
✗ Alternatives
Spreadsheets: No authority routing, no SLA automation, no approval evidence chain.
SaaS GRC: $15K–$100K/year, long procurement, vendor lock-in, data sovereignty risk.
Custom web app: 90–150 hours of developer time at $50–$120/hr.
Email-based approvals: No audit trail, no SLA tracking, lost in inboxes.
Multi-tool workflows: Copy-paste between register, tracker, and approval system. Data sync errors.
Open-source tools: Require hosting, maintenance, security patching, and configuration.
“Why is this only $150?”

I’ve been building governance documentation since 2012. That year I helped my healthcare analytics company earn its first HITRUST certification. Since then I’ve created and managed compliance documentation for SOC 2, PCI DSS, HITRUST, and ISO 27001 programs across enterprise organizations. I have a writing degree and I genuinely like this work.

HITRUST CSF SOC 2 PCI DSS ISO 27001 14 Years in GRC Writing Degree

Credentials don’t explain the price though. This does:

I want AI adopted responsibly. I don’t want my friends, my family, or my kids dealing with threats and risks that come from deploying AI without governance. Organizations will take the path that earns them the most money. That’s how business works. So I feel obligated to put quality tools out at a price where governance isn’t something only Fortune 500 companies can afford. SaaS GRC platforms charge $15K–$100K per year. I’m charging $150 once.

You’re building something that matters. A treatment tracking system that earns trust from your board, your customers, and your team. And it has to work.

The citations in these templates were checked against the published standards. The actual ISO 42001:2023 PDF, the EU AI Act regulation text, the NIST AI RMF 1.0 document. Control IDs, article numbers, framework mappings. This is practitioner-built tooling from someone who’s sat in the audits, written the remediation plans, and knows what survives a compliance review.

Derrick Jackson // Founder, Tech Jacks Solutions
WHAT YOU GET
Single .html file
6 interactive tabs
Real-time dashboard
4-tier authority routing
7 treatment options
SLA enforcement
4 PDF report types
JSON/CSV export
localStorage persistence
Works offline
Zero telemetry
COMPANION TOOL
AI Risk Register Tool →
Identify risks, then export here for treatment
★ BUNDLE DEAL. SAVE 30%
Get the complete AI Risk Management Command Bundle
Includes this Treatment Tracker Tool plus the Risk Register Tool, 10 governance documents, and Excel workbooks. Everything you need for a complete AI risk program.
Important

This tool is a starting point, not a finished product. It provides a professionally structured interactive treatment tracker with verified framework citations to accelerate your AI risk treatment program. It does not replace legal counsel, compliance review, or organizational judgment. Every organization is different. You’ll need to configure authority bands and treatment options for your specific regulatory context, risk tolerance, and operational environment. Your data is stored locally in your browser via localStorage and is never transmitted to any server. You are responsible for backing up your data via the export function. Framework citations reflect standards as of Q2 2026. Single organization license. All purchases include a 14-day money-back guarantee.

Interactive HTML tool for AI risk treatment tracking with ISO 31000 options, 4-tier authority routing, SLA enforcement, and approval evidence capture. 6 tabs, 5 frameworks. Zero install, runs in browser.

Author

Tech Jacks Solutions