Skip to content
COGNOME  •  AI GOVERNANCE

Find out exactly where your AI governance stands.

A free, structured maturity assessment for healthcare AI. Built on the Health Sector Coordinating Council's (HSCC's)  published framework, and extended by Cognome to cover the ground it doesn't.

 

COGNOME  •  AI GOVERNANCE

A defensible way to measure where you are today.

Most health systems don't lack AI governance policy, they lack a clear, structured way to measure where they stand. This assessment gives you that. Answer a structured set of questions across your organization's AI controls, and get back an objective maturity score, a plain-English readiness read, and a gap log you can hand straight to your compliance team. None of the data you enter ever goes back to anyone. It remains entirely within your control.

It takes roughly the same to complete this assessment as it does to complete an audit workbook: 30 to 45 minutes for someone who already knows your AI program — and it produces something you can act on, not just a score.

You have the choice of downloading an Excel form, using the in-browser form (our recommendation) or downloading the app and running it in your environment (also a great choice).

WHERE IT CAME FROM

Built faithfully on HSCC's Appendix C 

This tool starts from the Health Sector Coordinating Council's AI Cyber Governance Framework Implementation Guide — specifically Appendix C, HSCC's own 19-control-area self-assessment spanning three objectives: AI Cyber Governance, Regulatory Alignment, and Standards Mapping.

We didn't rewrite HSCC's scoring logic. The core assessment uses HSCC's own minimum-score rule exactly as published — your weakest control area sets your ceiling, because that's how governance risk actually works.

HSCC published a great framework, but it's tuck in a static document. We turned it into something interactive — with real-time scoring, a maturity summary, and a gap-and-remediation log, while keeping every number traceable back to HSCC's original text.

WHAT WE ADDED

Four Extended domains, clearly marked as ours.

Appendix C is the foundation, not the whole picture. Working from the full Implementation Guide, we identified areas the framework discusses in its narrative but doesn't yet score — and built four Extended domains to close that gap. They sit alongside the core assessment with their own summary and gap log, so your HSCC-sourced score always stays clean and separately reportable.

Extended

Ethics

Fairness, bias, and patient-impact review of deployed AI.

Extended

Security

Model-specific attack surface beyond standard IT controls.

Extended

Resilience

Fallback plans when an AI system fails or degrades.

Extended

Transparency

Explainability and disclosure to clinicians and patients.

We also added a risk-tier layer, sourced from HSCC's Appendix F, and a second score, which we are calling "the Cognome Score" that reads your three core objectives as equal peers to give you an average. Everything Cognome added is labeled as ours throughout, never attributed to HSCC.

RUNS ON YOUR MACHINE, NOT OURS

We never see your answers.

This assessment runs entirely in your browser. There's no backend, no server call, no account. Every answer, score, and note you enter lives only in your browser's memory while the tab is open, closing it clears everything. The only thing that reaches us is the email you give us to get in the door.

No Back End

Nothing you enter touches a server. Not Cognome's. Not anyone else's.

Memory Only

Your answers live in the tab's memory. Close it, and they're gone.

Inspectable

Available as an offline file your security team can review or air gap.

TWO WAYS TO RUN IT

However your team already works.

Appendix C is the foundation, not the whole picture. Working from the full Implementation Guide, we identified areas the framework discusses in its narrative but doesn't yet score — and built four Extended domains to close that gap. They sit alongside the core assessment with their own summary and gap log, so your HSCC-sourced score always stays clean and separately reportable.

Interactive Assessment

Live scoring, a maturity summary, and an auto-populating gap log as you go. Export your finished results to Excel, Word, or PDF when you're done.

Excel Workbook

Prefer to work the way your team already does GRC evidence? Download an Excel file with the full assessment. Same logic, same citations.

We also added a risk-tier layer, sourced from HSCC's Appendix F, and a second score, which we are calling "the Cognome Score" that reads your three core objectives as equal peers to give you an average. Everything Cognome added is labeled as ours throughout, never attributed to HSCC.

COGNOME

This assessment is built on the Health Sector Coordinating Council's (HSCC) publicly published AI Cyber Governance Framework Implementation Guide, Appendix C. Cognome is not affiliated with or endorsed by HSCC. Core scoring reflects HSCC's own methodology as published; the Extended domains (Ethics, Security, Resilience, Transparency), risk-tier mapping refinements, and Cognome Score are Cognome's own additions and are labeled as such throughout the tool.