AIMO Standard

AIMO stands for AI Management Office. This site hosts the human-readable AIMO Standard specification.

Why agentic AI audits are needed now

Enterprise AI risk is increasingly driven by Shadow AI (unapproved AI use) and agentic AI (autonomous agents) with broad tool privileges, making traditional ISMS/IT controls insufficient for traceability and audit explanations. AIMO Standard classifies AI usage with a shared language (Taxonomy), defines minimum evidence requirements, and enforces consistency via a Validator—accelerating auditability and remediation. Note: AIMO Standard does not provide legal advice or automatically guarantee compliance with any specific regulation/standard (see Coverage Map).

• Taxonomy (shared language)
• Minimum Evidence Requirements
• Validator (consistency checks)

Top-level sections

1. Standard — Specification (Current | Versions), Conformance, Coverage Map
2. Artifacts — Taxonomy, code system, dictionary, evidence templates, schemas
3. Validator — Rules, reference checks, how to run
4. Examples — End-to-end and minimal samples
5. Releases — Changelog, migration, checksums, PDF
6. Governance — Versioning, security, license, trademarks, Contributing

Quick links by audience

• For auditors: Trust Package, Taxonomy, Dictionary, Evidence Bundle, Minimum Evidence Requirements, Coverage Map, Validator, Releases
• For security: Trust Package, Taxonomy, Minimum Evidence Requirements, Responsibility Boundary, Governance, Validator, Standard > EV Template
• For IT ops: Trust Package, Taxonomy, Minimum Evidence Requirements, Releases, Validator, Examples, Conformance
• For legal/procurement: Trust Package, Responsibility Boundary, Coverage Map Methodology, Releases, Governance (license, trademarks)

Audit journey (2-click path):

1. Trust Package — start here for auditor-ready materials
2. Taxonomy + Dictionary — understand the 8-dimension code system
3. Evidence Bundle — structure and TOC
4. Minimum Evidence Requirements — MUST-level checklist
5. Coverage Map + Methodology — framework mappings
6. Validator — run structural checks
7. Releases — download assets and verify