Docs

Appearance

Scope Phase

Scope is where you define what is being governed and what “in scope” means. A good scope makes every later step faster: requirements map cleanly, risks are comparable, and reviews become auditable instead of interpretive.

ScopeDefine the system and governance scope
ImplementExecute controls and attach evidence
MonitorKeep governance continuously current
AuditPrepare internal review and exports

Outcome

You leave this phase with:

  • a project that represents the AI system (or governance initiative)
  • clear ownership and review roles
  • frameworks attached so requirements and controls are in scope
  • initial risks and evidence planning so implementation can start immediately

Time to first value: 30–60 minutes
Prerequisites: you can create or edit the project, or you can work with a project Owner

Path at a glance

1

Define the system

Create the project and describe the AI system

2

Assign roles

Ensure owners and reviewers are in place

3

Attach frameworks

Scope governance work to standards and regimes

4

Capture risk context

Identify initial risks and what evidence exists

Step 1: Define the AI system as a project

Goal: establish the unit of governance.

Where in Modulos

  • Project → Add new to create a project
  • Project → Settings → General settings to describe the system and lifecycle stage

Do this

  • Create the project with a specific, recognizable name.
  • Describe what the system does, who it affects, and where it is deployed.
  • Set the lifecycle stage to reflect reality.

You’re done when

  • a reviewer can understand what is being governed without additional context

Step 2: Assign owners and reviewers

Goal: make accountability explicit from day one.

Where in Modulos

  • Project → Settings → User access

Do this

  • Assign at least one Owner and one Reviewer for separation of duties.
  • Add Editors for the people implementing controls and attaching evidence.

You’re done when

  • the project has clear ownership and review responsibility

Step 3: Attach the right frameworks

Goal: define what “compliance” and “readiness” mean for this system.

Where in Modulos

  • Project → Settings → Frameworks
  • Project → Settings → EU AI Act when relevant for classification and scoping

Do this

  • Attach the frameworks and standards that apply to this system.
  • Record key scoping decisions and classifications where required.

You’re done when

  • requirements and controls are scoped to the frameworks you care about

Step 4: Capture initial risks and evidence context

Goal: enable fast implementation by starting from what matters most.

Where in Modulos

  • Project → Risks to add initial project risks and threat selection
  • Project → Evidence to understand what artifacts already exist

Do this

  • Identify the top risks for this system and select the most relevant threat vectors.
  • Identify what evidence already exists (policies, logs, design docs) that can support control execution.

You’re done when

  • there is a first-pass risk and evidence plan to drive implementation

Next

Implement phase

Execute controls, attach evidence, and move readiness through review

AI Product Owner path

A role-based walkthrough for documenting the AI system