10-Layer AI Governance Maturity Self-Assessment
30 questions across 10 layers. Per-layer score, overall 0-100 + A-F grade, industry benchmark comparison, prioritized remediation moves for weak spots. Same framework JieGou uses to architect its own platform and assess every customer engagement. 20-30 min to complete. Free. No sales-call condition.
The framework belongs to you whether or not you ever work with JieGou. Run it yourself (Path A), walk through it with us (Path B), or send raw answers for a written analysis (Path C). Three paths; same operational truth.
§1 — Why this exists
The AI-governance gap is real, and architecture-grade frameworks for it are not yet canonical.
80% of Fortune 500 companies had deployed AI agents in production. Only 14% had received security approval for those deployments.
Fortune 500 governance survey, late 2025
That gap is not a vendor problem. It's a governance-maturity problem. The technology shipped faster than the organizational practices, and the practices most companies need don't yet have a canonical form. This assessment is one attempt at canonical form — drawn from regulatory frameworks (SOC 2, EU AI Act, NIST AI RMF, ISO 42001), from production deployments JieGou operates today, and from gaps we've watched customers hit when their AI estate scaled past one or two workflows.
Three uses the result supports:
- Internal baseline — know where you actually are, layer by layer
- Board / audit defense — concrete evidence of where you are mature, where you have gaps, and what you're doing about them
- Peer benchmark — see where your maturity sits relative to organizations of comparable size
Using the assessment does not require any JieGou product. The framework is the framework whether you build, buy, or operate AI workflows.
§2 — The 10 layers
What each layer covers, and why it matters.
| # | Layer | What it covers | Why it matters |
|---|---|---|---|
| 1 | Identity & Access | RBAC for AI tools, per-agent identity (not just per-user), SSO/SAML for AI consoles | Without agent-level identity, you can't tell who did what — humans and agents collapse into one audit subject |
| 2 | Audit Trail | Action logging with full attribution, decision traceability back to source data and prompts, evidence export for compliance reviews | "Why did the AI do that?" must have an answer; "show me the evidence" must be exportable |
| 3 | Data Governance | PII / PHI detection, data residency controls, encryption at rest for keys and credentials | Regulators ask data-residency questions before they ask AI-quality questions |
| 4 | Human Oversight | Approval gates for consequential AI actions, graduated autonomy (not binary on/off), low-confidence escalation policies | Shadow Mode discipline scales; "trust the AI" doesn't |
| 5 | Model Governance | Multi-provider evaluation, certified / approved model registry, provider-portability (workflows don't rewrite when you switch LLMs) | Provider lock-in becomes provider risk when prices, policies, or capabilities shift |
| 6 | Tool Governance | Access controls on which tools AI agents can invoke, human-approval gates on high-impact tool calls, certified / tested integrations | AI without tool boundaries is AI with arbitrary code execution |
| 7 | Compliance | Regulatory framework mapping (SOC 2 / EU AI Act / HIPAA / GDPR), tracking dashboards, documented governance policies | The EU AI Act enforcement period starts in phases through 2026-27; mapping is no longer optional |
| 8 | Cost Controls | Per-agent / per-workflow token budgets, rate limiting on AI requests, departmental cost allocation | The first unbounded-LLM-loop bill is the one that makes Finance care about governance |
| 9 | Observability | Real-time AI activity monitoring, workflow-health dashboards, output-quality tracking over time | "Is the AI still working as well as last quarter?" needs a metric, not a hunch |
| 10 | Incident Response | Dead-letter queue / retry mechanism for failed operations, incident tracking for AI failures, vendor risk register | When (not if) an AI vendor has an outage, your incident response posture decides the blast radius |
§3 — How scoring works
Four answer levels per question. Weighted layer scores. Overall 0-100 + grade.
Per-question answer levels (4 levels)
| Answer | Value | What it means |
|---|---|---|
| Not implemented | 0 | Capability doesn't exist in your environment |
| Basic / ad hoc | 1 | Exists informally, inconsistently, or for some workflows but not others |
| Moderate / documented | 2 | Implemented + documented; covers most production workflows |
| Comprehensive / enforced | 3 | Implemented + enforced + audited; covers all production AI workflows |
Each question carries a weight (2 or 3) reflecting its importance within its layer; the three weights in every layer sum to 8, so a layer's maximum weighted sum is 3 × 8 = 24. Layer score = (Σ weight × answer ÷ 24) × 10, which yields a 0-10 score. Worked: answers 3 / 1 / 2 against weights 3 / 3 / 2 give (9 + 3 + 4) ÷ 24 × 10 ≈ 6.7. The overall score (0-100) is the sum of the ten layer scores, each layer counting equally.
Layer status (0-10 → band)
| Score | Status | Action |
|---|---|---|
| 8.0 – 10.0 | Strong | Mature; maintain + extend |
| 5.0 – 7.9 | Adequate | Operational gaps in specific areas |
| 2.0 – 4.9 | Weak | Significant gaps; prioritize remediation |
| 0.0 – 1.9 | Missing | Layer is essentially absent |
Overall score (0-100) → grade
| Overall score | Grade | Interpretation |
|---|---|---|
| 90 – 100 | A | Industry-leading governance maturity |
| 75 – 89 | B | Solid foundation, gaps in specific layers |
| 55 – 74 | C | Material governance gaps; remediation priority |
| 35 – 54 | D | Governance significantly underweighted relative to AI deployment |
| 0 – 34 | F | Critical gap — board / audit / regulator exposure |
§4 — Industry benchmarks
Where most organizations actually sit (median scores by company size).
| Company size | Median overall score |
|---|---|
| Enterprise (10,000+ employees) | ~42 |
| Mid-market (500-10,000) | ~35 |
| SMB (50-500) | ~25 |
| Startup (<50) | ~20 |
A "B" grade (75+) puts you in the top decile across all sizes. This isn't because most organizations are bad — it's because AI deployment outran AI governance for everyone.
§5 — The 30 questions
Be honest. "Ad hoc" is more useful than aspirational.
For each question, pick the answer that best matches your current state (0 = not implemented, 1 = ad hoc, 2 = documented, 3 = enforced + audited). The point of self-assessment is operational truth, not an aspirational story.
Layer 1 — Identity & Access
| # | Question | Weight |
|---|---|---|
| 1.1 | Do you have role-based access control for AI agent management? | 3 |
| 1.2 | Do your AI agents have their own identity (separate from the user who created them)? | 3 |
| 1.3 | Is SSO/SAML configured for your AI tooling? | 2 |
Layer 2 — Audit Trail
| # | Question | Weight |
|---|---|---|
| 2.1 | Are AI agent actions logged with full attribution? | 3 |
| 2.2 | Can you trace AI decisions back to source data and prompts? | 3 |
| 2.3 | Can you export audit evidence for compliance reviews? | 2 |
Layer 3 — Data Governance
| # | Question | Weight |
|---|---|---|
| 3.1 | Do you have PII/PHI detection in your AI workflows? | 3 |
| 3.2 | Are data residency controls configured for AI processing? | 3 |
| 3.3 | Are API keys and credentials encrypted at rest? | 2 |
Layer 4 — Human Oversight
| # | Question | Weight |
|---|---|---|
| 4.1 | Do you have approval gates before AI agents take consequential actions? | 3 |
| 4.2 | Do you use graduated autonomy levels (not just on/off)? | 3 |
| 4.3 | Do you have escalation policies for when AI confidence is low? | 2 |
Layer 5 — Model Governance
| # | Question | Weight |
|---|---|---|
| 5.1 | Do you evaluate multiple LLM providers for each use case? | 3 |
| 5.2 | Do you have a certified/approved model registry? | 2 |
| 5.3 | Can you switch LLM providers without rewriting workflows? | 3 |
Layer 6 — Tool Governance
| # | Question | Weight |
|---|---|---|
| 6.1 | Do you have access controls on which tools AI agents can use? | 3 |
| 6.2 | Do specific tools require human approval before agent invocation? | 3 |
| 6.3 | Are your MCP / tool integrations certified or quality-tested? | 2 |
Layer 7 — Compliance
| # | Question | Weight |
|---|---|---|
| 7.1 | Do you have a regulatory framework mapping for your AI systems (SOC 2, EU AI Act, etc.)? | 3 |
| 7.2 | Do you have a compliance dashboard tracking AI governance controls? | 2 |
| 7.3 | Do you have documented AI governance policies? | 3 |
Layer 8 — Cost Controls
| # | Question | Weight |
|---|---|---|
| 8.1 | Do you have per-agent or per-workflow token budgets? | 3 |
| 8.2 | Do you have rate limiting on AI agent requests? | 2 |
| 8.3 | Do you track and allocate AI costs by department or team? | 3 |
Layer 9 — Observability
| # | Question | Weight |
|---|---|---|
| 9.1 | Do you monitor AI agent activity and performance in real time? | 3 |
| 9.2 | Do you have metrics and dashboards for AI workflow health? | 2 |
| 9.3 | Do you track AI output quality over time? | 3 |
Layer 10 — Incident Response
| # | Question | Weight |
|---|---|---|
| 10.1 | Do you have a dead letter queue or retry mechanism for failed AI operations? | 2 |
| 10.2 | Do you have incident tracking for AI failures or misbehavior? | 3 |
| 10.3 | Do you maintain a vendor risk register for your AI providers? | 3 |
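The scoring rules from §3 applied to the weights in the 30-question tables above, as an added worked example. This is not JieGou's own scoring code. It assumes that band and grade boundaries are inclusive lower bounds (8.0 is Strong, 75 is a B), that layer scores are rounded half-up to one decimal before being summed into the overall score (what a reader working the tables by hand gets), and that the benchmark comparison is a plain difference from the §4 medians. The sample answer set is constructed for the example, not customer data.

```python
"""Scorer for the 10-layer assessment (added example; not JieGou's platform code)."""
from decimal import Decimal, ROUND_HALF_UP

MAX_ANSWER = 3  # 0 = not implemented ... 3 = comprehensive / enforced

# Question weights exactly as listed in the 30-question tables; each layer sums to 8.
LAYERS = {
    1: ("Identity & Access", {"1.1": 3, "1.2": 3, "1.3": 2}),
    2: ("Audit Trail", {"2.1": 3, "2.2": 3, "2.3": 2}),
    3: ("Data Governance", {"3.1": 3, "3.2": 3, "3.3": 2}),
    4: ("Human Oversight", {"4.1": 3, "4.2": 3, "4.3": 2}),
    5: ("Model Governance", {"5.1": 3, "5.2": 2, "5.3": 3}),
    6: ("Tool Governance", {"6.1": 3, "6.2": 3, "6.3": 2}),
    7: ("Compliance", {"7.1": 3, "7.2": 2, "7.3": 3}),
    8: ("Cost Controls", {"8.1": 3, "8.2": 2, "8.3": 3}),
    9: ("Observability", {"9.1": 3, "9.2": 2, "9.3": 3}),
    10: ("Incident Response", {"10.1": 2, "10.2": 3, "10.3": 3}),
}

# Cut-offs from the status and grade tables: (inclusive lower bound, label).
# Assumption: boundaries are inclusive lower bounds.
LAYER_BANDS = [(Decimal("8.0"), "Strong"), (Decimal("5.0"), "Adequate"),
               (Decimal("2.0"), "Weak"), (Decimal("0"), "Missing")]
GRADES = [(90, "A"), (75, "B"), (55, "C"), (35, "D"), (0, "F")]

# Median overall scores by segment, from the §4 benchmark table.
BENCHMARK_MEDIAN = {"enterprise": 42, "mid-market": 35, "smb": 25, "startup": 20}


def validate(answers):
    """Refuse to score an incomplete, mislabelled, or out-of-range answer set."""
    expected = {q for _, weights in LAYERS.values() for q in weights}
    unknown, missing = set(answers) - expected, expected - set(answers)
    if unknown or missing:
        raise ValueError(f"unknown={sorted(unknown)} missing={sorted(missing)}")
    bad = {q: v for q, v in answers.items() if v not in range(MAX_ANSWER + 1)}
    if bad:
        raise ValueError(f"answers outside 0..{MAX_ANSWER}: {bad}")


def layer_score(answers, weights):
    """(weighted sum of answers / maximum weighted sum) x 10, rounded half-up to 0.1."""
    weighted = sum(w * answers[q] for q, w in weights.items())
    maximum = MAX_ANSWER * sum(weights.values())  # 24 for every layer on this page
    return (Decimal(10 * weighted) / Decimal(maximum)).quantize(
        Decimal("0.1"), rounding=ROUND_HALF_UP)


def _label(value, table):
    """First (floor, label) whose floor the value reaches; tables are sorted descending."""
    return next(label for floor, label in table if value >= floor)


def score_assessment(answers, segment=None):
    """Per-layer scores and bands, overall score and grade, and remediation order."""
    validate(answers)
    layers, total = {}, Decimal("0")
    for n, (name, weights) in LAYERS.items():
        s = layer_score(answers, weights)
        total += s  # assumption: overall = sum of the ten rounded layer scores
        layers[n] = {"name": name, "score": float(s), "status": _label(s, LAYER_BANDS)}
    overall = float(total)
    result = {
        "layers": layers,
        "overall": overall,
        "grade": _label(overall, GRADES),
        # Weak/Missing layers first, lowest score first; ties broken by layer number.
        "remediate_first": sorted(
            (n for n, l in layers.items() if l["status"] in ("Weak", "Missing")),
            key=lambda n: (layers[n]["score"], n)),
    }
    if segment:
        result["vs_median"] = round(overall - BENCHMARK_MEDIAN[segment], 1)
    return result


# Constructed sample (not real customer data): partial logging and PII detection,
# strong SSO and retry handling, nothing at all on tool governance.
SAMPLE_ANSWERS = {
    "1.1": 2, "1.2": 1, "1.3": 3,
    "2.1": 1, "2.2": 1, "2.3": 0,
    "3.1": 2, "3.2": 0, "3.3": 3,
    "4.1": 1, "4.2": 0, "4.3": 0,
    "5.1": 1, "5.2": 0, "5.3": 1,
    "6.1": 0, "6.2": 0, "6.3": 0,
    "7.1": 0, "7.2": 0, "7.3": 1,
    "8.1": 0, "8.2": 2, "8.3": 1,
    "9.1": 2, "9.2": 2, "9.3": 1,
    "10.1": 3, "10.2": 1, "10.3": 0,
}

if __name__ == "__main__":
    r = score_assessment(SAMPLE_ANSWERS, segment="mid-market")
    for n, l in r["layers"].items():
        print(f"Layer {n:>2} {l['name']:<19} {l['score']:>4}  {l['status']}")
    print(f"Overall {r['overall']}  grade {r['grade']}  vs mid-market median {r['vs_median']:+}")
    print("Remediate first:", r["remediate_first"])
```

The sample lands at 31.0 (grade F), four points under the mid-market median, with Tool Governance, Human Oversight and Compliance at the top of the remediation list. Note the two design choices that decide edge cases: rounding half-up keeps a 6.25 from silently becoming 6.2, and rounding each layer before summing means the overall can differ by a few tenths from a single end-to-end calculation; whichever convention you adopt, document it so that scores are comparable quarter to quarter.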
§6 — Per-layer remediation playbook
For any layer scoring Weak or Missing — top 3 moves, ordered by leverage.
Layer 1 — Identity & Access
- Implement RBAC with at least three distinct roles (admin / operator / viewer)
- Give each AI agent its own scoped identity and per-tool permissions
- Configure SSO/SAML for centralized authentication across your AI tooling
Layer 2 — Audit Trail
- Log every AI agent action with full attribution (who initiated, what tool was called, what data was read, when, with what result)
- Ensure AI decisions can be traced back to specific input data + prompt versions
- Set up automated evidence export for compliance reviews (JSON, S3, or forward-to-SIEM)
Layer 3 — Data Governance
- Deploy PII/PHI detection in all AI workflows processing personal data
- Configure data residency controls for regulated data categories (HIPAA / GDPR / industry-specific)
- Encrypt all API keys and credentials at rest with envelope encryption (KMS / Secrets Manager)
Layer 4 — Human Oversight
- Add approval gates before AI agents take consequential actions (outbound communication, ERP writes, financial transactions)
- Implement graduated autonomy levels instead of binary on/off controls (Shadow Mode → Supervised → Trusted, with per-workflow gating)
- Create escalation policies for low-confidence AI outputs (confidence threshold → human review)
Layer 5 — Model Governance
- Evaluate multiple LLM providers with structured bakeoffs for each new use case
- Maintain a registry of approved models with version-pinning for production use
- Design workflows to be model-agnostic — workflows should not require rewrites when you switch primary providers
Layer 6 — Tool Governance
- Implement tool-level access controls in your MCP / integration layer (allowlist, not denylist)
- Require human approval for high-impact tool invocations (financial systems, external communications, data modification)
- Certify and quality-test tool integrations before production use; treat each integration as a release-gated component
Layer 7 — Compliance
- Map your AI systems to relevant regulatory frameworks (SOC 2 controls, EU AI Act risk tiers, sector-specific frameworks)
- Build a compliance dashboard tracking governance controls against framework requirements
- Document AI governance policies and make them auditable — written policies, version-controlled, with review cadence
Layer 8 — Cost Controls
- Set per-agent or per-workflow token budgets to prevent runaway costs from infinite loops or prompt-injection abuse
- Implement rate limiting on AI agent requests (per-user, per-account, per-workflow)
- Track and allocate AI costs by department or team for accountability and budget planning
Layer 9 — Observability
- Monitor AI agent activity and performance in real time (latency, error rate, throughput)
- Build dashboards for AI workflow health (success rate, exception rate, time-to-completion)
- Track AI output quality over time to detect model drift, prompt regressions, and data-distribution shifts
Layer 10 — Incident Response
- Implement a dead-letter queue for failed AI operations with retry policies
- Set up incident tracking for AI failures and misbehavior with named accountable owners
- Maintain a vendor risk register for all AI providers (uptime SLAs, data handling, sub-processor list, exit strategy)
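The Layer 2, 4, 6 and 8 moves above converge on one enforcement point: a policy gate in front of every tool call. The following is an added example of such a gate, not JieGou's platform code and not the shape of any MCP server API. It assumes a hypothetical in-process `AgentPolicy` object and hypothetical tool names (`read_invoice`, `lookup_vendor`, `send_email`, `execute_sql`); in a real deployment the gate sits in the integration layer in front of the tool, and approvals come from a ticketing or approval system rather than a set passed in by the caller. The scenario is constructed. One point it shows that the bullets alone do not: a human approval must be bound to the exact invocation (agent, tool and arguments), otherwise an approval granted for one email can be replayed to send a different one.

```python
"""Default-deny tool gate with call-bound approvals, token budgets and an attributed
audit log (added example; hypothetical design, not JieGou's code)."""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class AgentPolicy:
    """Per-agent identity plus the controls Layers 4, 6 and 8 call for (hypothetical)."""
    agent_id: str                 # the agent's own identity, separate from its creator (Layer 1)
    created_by: str               # human owner, recorded on every audit entry (Layer 2)
    allowed_tools: frozenset      # allowlist: any tool not listed is denied (Layer 6)
    approval_required: frozenset  # high-impact tools that need a human (Layer 4)
    token_budget: int             # per-workflow cap (Layer 8)
    tokens_used: int = 0
    audit_log: list = field(default_factory=list)


def call_digest(agent_id, tool, args):
    """Digest of one exact invocation; an approval is valid only for this digest."""
    canonical = json.dumps({"agent": agent_id, "tool": tool, "args": args},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def authorize(policy, tool, args, estimated_tokens, approvals=frozenset()):
    """Return (decision, reason); decision is 'allow', 'deny' or 'needs_approval'.

    Checks run in order: allowlist, then budget, then approval. A call that fails an
    earlier check never consumes budget and never reaches a human for approval.
    """
    digest = call_digest(policy.agent_id, tool, args)
    if tool not in policy.allowed_tools:
        decision, reason = "deny", "tool not on allowlist"
    elif policy.tokens_used + estimated_tokens > policy.token_budget:
        decision, reason = "deny", "token budget exhausted"
    elif tool in policy.approval_required and digest not in approvals:
        decision, reason = "needs_approval", f"high-impact tool; approve digest {digest[:12]}"
    else:
        decision, reason = "allow", "policy satisfied"
        policy.tokens_used += estimated_tokens
    policy.audit_log.append({  # full attribution, including denied attempts
        "ts": datetime.now(timezone.utc).isoformat(),
        "agent": policy.agent_id, "owner": policy.created_by,
        "tool": tool, "call": digest, "decision": decision, "reason": reason,
    })
    return decision, reason


def run_demo():
    """Constructed scenario: an invoice-triage agent with three permitted tools."""
    policy = AgentPolicy(
        agent_id="agent:invoice-triage-01", created_by="alice@example.com",
        allowed_tools=frozenset({"read_invoice", "lookup_vendor", "send_email"}),
        approval_required=frozenset({"send_email"}),
        token_budget=5000,
    )
    decisions = []
    decisions.append(authorize(policy, "read_invoice", {"id": "INV-1"}, 1200)[0])
    # Not on the allowlist: denied even though it would fit the budget.
    decisions.append(authorize(policy, "execute_sql", {"q": "DELETE FROM vendors"}, 50)[0])
    email = {"to": "vendor@example.com", "body": "Invoice received"}
    decisions.append(authorize(policy, "send_email", email, 300)[0])     # parked for a human
    approved = frozenset({call_digest(policy.agent_id, "send_email", email)})
    decisions.append(authorize(policy, "send_email", email, 300, approvals=approved)[0])
    # Same tool, same approval, different recipient: the approval does not carry over.
    tampered = dict(email, to="attacker@example.net")
    decisions.append(authorize(policy, "send_email", tampered, 300, approvals=approved)[0])
    # 1500 tokens already spent; this call would overrun the 5000 budget.
    decisions.append(authorize(policy, "read_invoice", {"id": "INV-2"}, 4000)[0])
    return decisions, policy


if __name__ == "__main__":
    decisions, policy = run_demo()
    for entry, decision in zip(policy.audit_log, decisions):
        print(f"{entry['tool']:<13} {decision:<15} {entry['reason']}")
    print(f"tokens used: {policy.tokens_used}/{policy.token_budget}")
```

Two caveats a practitioner would add. The budget check uses the caller's token estimate, so a production gate also meters actual usage after the call and revokes the agent when the two diverge. And denied and parked calls are logged with the same attribution as allowed ones; the "why did the AI do that?" question from Layer 2 is usually answered by what it was stopped from doing.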
§7 — What to do with your result
Three paths. All free. There's no Path D where we sell you something to score higher.
Path A — Run it yourself, use the report internally
Pick your answers, do the math (the formulas above), share with your team and board. The framework is yours to use. No need to send us anything.
Download markdown source →
Path B — Walk through it with us (45-min call)
We'll facilitate the assessment, ask follow-up questions where "ad hoc" or "moderate" needs disambiguation, and produce a written report with your scores + tailored recommendations for your top 3 weak layers. No sales pitch in the call.
Schedule 45-min walk-through →
Path C — Send us your raw answers; we send you a written analysis
Email your 30 answers (questionId → 0/1/2/3) to assessments@jiegou.ai. We produce a written report within 5 business days with scoring, status interpretation, prioritized recommendations, and (if relevant) peer-benchmark context for your size segment.
Whichever path you pick, the report is the deliverable — not a sales call disguised as an assessment.
§8 — What we DON'T do with your answers
Explicit boundaries. The trust panel.
- ✕ We do NOT store your answers without explicit permission. If you pick Path C, we ask before retaining anything beyond the analysis window.
- ✕ We do NOT use your answers for sales targeting. The point is operational truth, not lead qualification.
- ✕ We do NOT share answers with other customers, partners, or aggregators. Per-organization data stays per-organization. Aggregated, anonymized benchmarks are produced only with explicit opt-in.
- ✕ We do NOT condition the report on a sales call. Path C produces a written report regardless of whether you ever talk to a JieGou rep.
- ✕ We do NOT upsell from weak-spot findings. If your weak layer maps to something JieGou doesn't operate (e.g., HR-side identity controls), we'll say so explicitly and recommend the right kind of partner.
- ✕ You can request deletion of your answers + report at any time. Email privacy@jiegou.ai. Confirmed within 5 business days.
These boundaries model our internal "we don't do that" exclusion-list discipline — explicit boundaries that protect both sides of the relationship.
§9 — Where the framework comes from
Synthesis of regulatory frameworks + production-deployment experience + customer pattern recognition.
We didn't invent these layers from scratch. They're the synthesis of three sources:
- Regulatory frameworks — SOC 2 Common Criteria (especially CC6 Logical & Physical Access, CC7 System Operations), EU AI Act risk tiers and conformity assessments, NIST AI Risk Management Framework, ISO/IEC 42001 AI Management System
- Production-deployment experience — JieGou's own platform runs on these 10 layers in production; the layer definitions reflect what we've had to build to operate AI for paying customers
- Customer pattern recognition — what customer audits and security reviews actually ask for; what board questions actually surface; what enforcement actions on competitors have established as precedent
The framework will evolve. Likely additions in v2: explicit prompt-governance and prompt-injection-response (currently distributed across layers 4 and 6), explicit model-supply-chain layer (currently in layer 5), explicit AI-DLP layer (currently in layer 3). When v2 ships, your v1 scores remain usable with documented translation.
FAQ
Questions CIOs ask before running the assessment.