Appearance
Operationalizing in Modulos
FEAT is principle-based. The work is to translate principles into controls and monitoring signals that can be audited.
Recommended project structure
Most organizations use:
- One organization project for governance foundations (shared control library, templates, review cadence).
- AI system projects for product/deployment execution (fairness tests, evidence, approvals, monitoring).
Where in Modulos
Project → Controlsfor fairness, oversight, and transparency measuresProject → Runtime Inspectionfor evaluation signals and historyProject → Evidencefor methodology and approvalsProject → Requirementsfor compliance trackingProject → Risksfor treatment decisions and residual risk acceptance
A sequence that works
1
Define what fairness means
Choose metrics and thresholds that reflect your use case
2
Attach controls and tests
Create controls for governance and tests for monitoring signals
3
Link evidence
Attach methodology, results, and approvals to controls
4
Review and remediate
Use review flows to approve decisions and track remediation
5
Re-test and report
Repeat as the system changes and export packages for audits
Evidence, tests, and remediation (diagrams)
Make FEAT auditable by linking controls, evidence, and testing signals.
Framework mapping
Four layers, one reusable spine.
Frameworks
EU AI Act
ISO 42001
Requirements
Art. 9.1Risk management
Art. 10.2Data governance
6.1.1Risk assessment
Components
Risk identification
Impact analysis
Evidence
Risk register
Test results
Controls
The reusable spine
One control satisfies many requirements across many frameworks, and groups the components and evidence beneath them.
Risk assessment process
Data validation checks
Edge from any layer card crosses into the Controls spine — the same control may serve a regulatory article, a standards clause, a downstream component, and the evidence that closes it.
Runtime test
A schedule fires, an operator evaluates, a result is emitted.
Schedule
Runs on cadence (e.g. daily)
Evaluation
1
Fetch latest datapoint
2
metric < threshold3
Emit result
Passed Failed Error
Tests evaluate the most recent signal available within the lookback window. Outside the window, the result is Error, not Failed.
Remediation loop
A continuous five-step cycle, not a ticket queue.
Continuous
Remediation
1
Detect
Failed or error result
2
Triage
Data issue vs real drift
3
Fix
Change system or control implementation
4
Record
Update evidence and audit trail
5
Re-verify
Re-run test or monitor
When tests are linked to controls, failures route to control owners and keep governance aligned with reality.
Evidence linking
One evidence file, attached to component-level claims, reused across two controls.
model_validation.pdf
CTRL-001 group
Component A
Component B
Component C
CTRL-002 group
Component D
Component E
CTRL-001Model validation
CTRL-002Data quality
1 evidence · 3 linked components · 2 controlsAttach evidence to the smallest meaningful claim — the same file then satisfies parts of every control whose components it covers.
Exports for audit and stakeholders (diagram)
Use exports to create point-in-time snapshots of controls and supporting evidence.
Audit pack
How four export types collapse into one shippable bundle.
Inputs
Project PDF export
Top controls (PDF exports)
Evidence files (attachments)
Key assets (Markdown exports)
Audit pack
Single shippable bundle
All four input types, versioned together, ready for the auditor.
Snapshot Exports are snapshots. Keep scope stable before exporting — the bundle freezes whatever was in place at export time.
Common pitfalls
- adopting FEAT as policy text without owners, gates, and evidence
- running fairness evaluations once (instead of on cadence and on change)
- collecting results in files without linking them to controls and approvals
- changing data/model/population without triggering re-review
Related pages
Principles
Understand what to implement under Fairness, Ethics, Accountability, and Transparency
Runtime Inspection operating model
Make evaluations a repeatable governance loop
Risk quantification
Prioritize treatment and investment with monetary outputs
Disclaimer
This page is for general informational purposes and does not constitute legal advice.