NIST AI RMF governance page
Govern
pAIgeBOTS assigns accountability for security, privacy, incident response, vendor review, and model configuration. Access is role-based, sessions are controlled server-side, and customer workspaces are separated by company membership.
Map
We treat healthcare, technology, and manufacturing use cases differently and scope prompts using approved context values instead of trusting arbitrary browser-supplied system prompts. We aim to minimize data collection and avoid retaining conversation content by default.
Measure
We measure system activity through audit logs, blocked PHI submissions, authentication events, and rate-limit responses. We also expect periodic review of output quality, hallucination patterns, and control effectiveness before expanding into higher-risk use cases.
Manage
We manage risk through rate limiting, PHI detection, secure headers, session encryption, vendor due diligence, documented policies, and a formal incident response process. Higher-risk claims, including HIPAA or SOC 2 statements, must reflect controls that are actually completed rather than aspirational marketing language.
Human oversight
AI outputs are decision support, not final authority. Users remain responsible for reviewing outputs before operational, contractual, legal, or patient-impacting use.
Contact
Governance questions should be sent to governance@paigebots.com.