BUNDLE .DOCX Professional

AI Risk Management Core Bundle

Five connected documents covering the full AI risk management lifecycle, from internal governance through third-party procurement. Scoring methodology, appetite thresholds, treatment planning, formal risk acceptance, and vendor due diligence, all designed to reference each other. Built for teams standing up ISO 42001 or NIST AI RMF who need both internal and supply chain risk governance.

5Documents

636+Citations

5Frameworks

92Hrs Saved

ISO 42001 NIST AI RMF EU AI Act ISO 23894 CSA Supply Chain

⚡ LAUNCH SALE — 15% OFF

CORE BUNDLE

$99

$84

$145 individually

Save $61 (42% off individual pricing)

Sale ends June 10, 2026

✓AI Risk Mgmt & Governance Framework (.docx)
✓AI Risk Appetite & Tolerance Statement (.docx)
✓AI Residual Risk Acceptance Statement (.docx)
✓AI Risk Treatment Plan (.docx)
✓AI Procurement & Third-Party AI Risk Policy (.docx)
✓Bundle Quick-Start Guide

Instant Download 14-Day Guarantee Single Org License

Itemized Value

What you get, and what each piece costs individually

Bundle Contents

.DOCXAI Risk Mgmt & Governance Framework

$35

.DOCXAI Risk Appetite & Tolerance Statement

$25

.DOCXAI Residual Risk Acceptance Statement

$25

.DOCXAI Risk Treatment Plan

$30

.DOCXAI Procurement & Third-Party AI Risk Policy

$30

FREEBundle Quick-Start Guide

Included

What’s Inside

5 documents + Quick-Start Guide

.DOCX

AI Risk Mgmt & Governance Framework

Your organization’s master AI risk governance document. Establishes the 5-band risk scoring methodology, treatment authority hierarchy, and cross-framework RACI matrix referenced by every other document.

ISO 42001 NIST AI RMF EU AI Act

✓27 pages · 233 verified citations
✓5-band risk scoring methodology
✓Cross-framework RACI matrix

.DOCX

AI Risk Appetite & Tolerance Statement

Translates risk scores into board-actionable decisions. Without approved thresholds, risk scores lack governance authority.

ISO 42001 Cl. 6.1.1 NIST GOVERN 1.3

✓51 verified citations
✓5-band tolerance table
✓Category-level appetite by AI type

.DOCX

AI Residual Risk Acceptance Statement

The governance checkpoint triggered when residual risk stays elevated after treatment. The artifact auditors specifically request.

ISO 42001 Cl. 6.1.3 NIST MANAGE 1.2

✓44 verified citations
✓Authority matrix (Lead/CRO/Board)
✓Horizontal acceptance register

.DOCX

AI Risk Treatment Plan

Operationalizes all 7 ISO 42001 treatment options with authority tiers and decision criteria. Cross-references 38 Annex A controls.

ISO 42001 Cl. 6.1.3a–g NIST MANAGE 2.1–2.4

✓172 verified citations
✓38 Annex A controls cross-referenced
✓Split identification + implementation register

.DOCX

AI Procurement & Third-Party AI Risk Policy

Extends your risk governance to vendor and supply chain AI. Vendor classification tiers, three-way sign-off governance, and a 28-question vendor risk questionnaire.

ISO 42001 A.10 EU AI Act Art. 25–26 CSA Supply Chain

✓136 verified citations across 4 frameworks
✓4-tier vendor classification system
✓28-question vendor risk questionnaire

All five documents use consistent terminology, reference the same frameworks, and share the same 5-band risk scoring methodology. The Procurement policy extends the risk governance established by the Framework into your vendor and supply chain relationships. The Quick-Start Guide provides a 30-day rollout plan and cross-document dependency map.

Architecture

Governance policy architecture

Five interlocking governance documents covering internal risk governance and third-party supply chain risk. Each document references the others by name and methodology, creating a closed-loop policy framework from risk identification through vendor due diligence.

L1. Internal Risk Governance (4 .docx)

Risk Framework Appetite Statement Residual Acceptance Treatment Plan

L2. Supply Chain Risk (1 .docx)

Procurement & Third-Party AI Risk Policy

Audience

Who deploys this bundle

🛡️

Governance Lead

Deploys internal and supply chain risk governance in one purchase. Framework provides authority structure, appetite calibrates thresholds, treatment plan defines 7 ISO options, acceptance closes the loop, and procurement extends it to vendors.

📈

Risk Manager

Gets internal risk governance plus vendor risk evaluation. The appetite statement calibrates thresholds, the treatment plan defines 7 ISO options with authority tiers, and the procurement policy adds 4-tier vendor classification with due diligence workflows.

⚖️

Compliance Officer

Every document maps to ISO 42001 clauses, NIST AI RMF functions, and EU AI Act articles. Citations verified against source PDFs for audit-aligned evidence.

🔍

Auditor

Finds a complete risk governance evidence chain: appetite statement with board-approved thresholds, treatment plan with 7 ISO options, and acceptance authority matrix with sign-off workflow.

Value Proposition

This bundle vs. building from scratch

✓ Core Bundle ($84)

✓5 documents + Quick-Start Guide in one download

✓636+ citations verified against source PDFs

✓Consistent 5-band methodology across all docs

✓Internal + supply chain risk in one purchase

✓~10 hours to customize for your organization

✗ From Scratch (92+ hrs)

✗Research 5 frameworks and extract requirements

✗Draft and verify each citation individually

✗Ensure cross-document consistency yourself

✗Maintain cross-document consistency yourself

✗92+ hours of research, drafting, and review

ROI Calculator

Build from scratch

Framework research

Drafting

Review & validation

Cross-framework mapping

Total

With this bundle

Bundle purchase$84

Customize for your org

Total

Framework Coverage

5 frameworks mapped across all documents

ISO/IEC 42001:2023

AI Management System. Cl. 4–10 + 38 Annex A controls. Required for AIMS certification.

NIST AI RMF 1.0

Govern / Map / Measure / Manage functions. Core risk assessment methodology.

EU AI Act

Risk classification, high-risk requirements (Art. 9–15), prohibited practices (Art. 5), provider/deployer obligations (Art. 25–26).

ISO/IEC 23894:2023

AI risk management guidance. Risk criteria, identification, analysis, evaluation, and treatment.

CSA Supply Chain

AI supply chain security guidance. Vendor evaluation, third-party risk controls, and procurement security requirements.

Why $84 for 5 AI risk management documents?

Building these from scratch means reading ISO 42001, NIST AI RMF, the EU AI Act, ISO 23894, and the CSA AI supply chain guidance, then turning those requirements into operational documents that work together and hold up in an audit. Most teams spend 92+ hours on that.

These 5 documents share one scoring methodology, reference each other by name, and cover the full risk decision chain from internal governance through vendor procurement. That consistency, both internally and across your supply chain, is what takes the most time to build, and it’s what auditors notice when it’s missing.

5 Frameworks Mapped Cross-Document References 5-Band Risk Methodology 92+ Hours Saved

I’ve been building governance documentation since 2012. That year I helped my healthcare analytics company earn its first HITRUST certification. Since then I’ve created and managed compliance documentation for SOC 2, PCI DSS, HITRUST, and ISO 27001 programs across enterprise organizations. I have a writing degree and I genuinely like this work.

HITRUST CSF SOC 2 PCI DSS ISO 27001 14 Years in GRC Writing Degree

Credentials don’t explain the price though. This does:

I want AI adopted responsibly. I don’t want my friends, my family, or my kids dealing with threats and risks that come from deploying AI without governance. Organizations will take the path that earns them the most money. That’s how business works. So I feel obligated to put quality documentation out at a price where governance isn’t something only Fortune 500 companies can afford. I don’t need to charge thousands of dollars to make a difference. I care about helping where I can.

Derrick Jackson // Founder, Tech Jacks Solutions

Related Templates

Expand your risk management program

NIST AI RMF EU AI Act ISO 42001 ISO 23894 CSA

5 professional .docx templates
106+ total pages
636+ verified citations
5-band risk methodology
Cross-document references
Quick-Start Guide included
Instant download

AI Risk Mgmt Framework (27 pg)
AI Risk Appetite Statement (14 pg)
AI Residual Risk Acceptance (13 pg)
AI Risk Treatment Plan (28 pg)
AI Procurement Policy (24 pg)

The Command Bundle adds the Risk Register, SoA, assessments, KRI dashboard, and 3 interactive tools.

Important

These templates are a starting point, not a finished product. They accelerate your risk management program by providing a professionally structured foundation with verified framework citations. They do not replace legal counsel, compliance review, or organizational judgment. Every organization is different. Customize the content for your specific regulatory context, risk tolerance, and operational environment. Route completed documents through your legal, compliance, and governance teams before adoption. Framework citations reflect regulations as of Q1 2026. Check for updates to the EU AI Act, ISO 42001, and NIST AI RMF before your annual policy review. Single organization license. All purchases include a 14-day money-back guarantee. If the bundle does not meet your needs, contact us for a full refund.