IT-Rationalization
33/100 · inventory · duplication · disposition · roadmap
- 0 pass
- 2 partial
- 1 fail
- 0 n/a
Governance across all three lenses over one technology fleet. 5 high/critical findings open
inventory · duplication · disposition · roadmap
NIST CSF 2.0 · CIS v8.1 · privacy
AI-BOM · bias · oversight · provenance · drift
| Model | Use case | Risk | Oversight | Owner | Reviewed |
|---|---|---|---|---|---|
| Gracie (Ask Gracie): Undisclosed LLM (vendor not public) · in-product 2026 | Conversational AI answering policy, training & fair-housing/compliance questions from company policy content; reasons even when the answer is not explicitly stated | critical | no HITL | Product | 253d ago |
| Intelligence+: Internal + vendor analytics · GA 2H-2025 | Prescriptive analytics ranking priorities/action plans from 35 yrs of resident-survey data | high | HITL ✓ | Data / Insights | 147d ago |
| PerformanceHQ AI-driven insights: Internal · in-product 2026 | Recommendation/insight engine across training + survey + policy data | high | no HITL | Product | 222d ago |
| Reputation sentiment AI: Vendor sentiment model · in-product 2026 | Flags risky resident feedback + drafts responses across review platforms | med | HITL ✓ | Product | 130d ago |

| Model | Tier | Monthly | Tokens/mo | Right-sizing | Recoverable |
|---|---|---|---|---|---|
| Gracie (Ask Gracie): Conversational AI answering policy, training & fair-h… | frontier | $18k/mo | 240M | over-provisioned | $11k/mo: Frontier model for policy/compliance Q&A — most queries fit a workhorse tier |
| Intelligence+: Prescriptive analytics ranking priorities/action plan… | workhorse | $6k/mo | 90M | right-sized ✓ | — |
| PerformanceHQ AI-driven insights: Recommendation/insight engine across training + surve… | frontier | $9k/mo | 120M | over-provisioned | $4k/mo: No caching on repeated insight prompts; partial down-tiering available |
| Reputation sentiment AI: Flags risky resident feedback + drafts responses acro… | lightweight | $1.2k/mo | 40M | right-sized ✓ | — |

| Sev | Signal | Source | Target | Seen | Status |
|---|---|---|---|---|---|
| high | Advisory affects a video-leasing dependency. Public advisory matches a Realync media dependency — confirm version exposure. | cve | Realync (video leasing) | 5d ago | new |
| high | Shadow GenAI handling policy drafts. Unsanctioned public-LLM use for content drafting; possible confidential data egress. | shadow-ai | Unsanctioned GenAI tools (shadow) | 5d ago | new |

| Sev | Finding | Type | Affects | Action |
|---|---|---|---|---|
| critical | Gracie answers fair-housing/compliance questions with no documented oversight or accuracy basis. Document model + data handling; add human-in-the-loop validation on fair-housing/leasing answers; run disparate-impact review. HUD 2024 guidance puts AI advisory in FHA scope and reaches the tech provider. | gap | Gracie (Ask Gracie) | proposed |
| high | No public model disclosure, accuracy metric, or data-handling doc for Gracie. Publish a model card (purpose, data, limits, accuracy) — CHAI-style — and a data-handling statement. | gap | Gracie (Ask Gracie) | proposed |
| high | Resident survey data used by Intelligence+ without documented consent/secondary-use governance. Document consent basis + secondary-use limits + anonymization for model use of 35-yr survey data. | gap | Intelligence+ | proposed |
| high | AI-influenced policy/training content lacks documented 50-state legal validation + versioning. Add provenance + human legal-validation sign-off + version history for AI-touched compliance content. | gap | Policies platform | proposed |
| medium | Undisclosed foundation model behind Gracie; data-flow to provider undocumented. Disclose the model provider internally; govern data-flow + GPAI/supplier terms; define fallback. | gap | Gracie (Ask Gracie) | proposed |
| high | Shadow GenAI in use with no acceptable-use policy. Stand up an enforced AI acceptable-use policy; route staff to a sanctioned tool; run shadow-AI discovery. | gap | Unsanctioned GenAI tools (shadow) | proposed |
DECLINED — AI-governance readiness is NOT attested. Open critical/high gaps (fair-housing oversight on Gracie, no model disclosure, resident-data secondary-use, shadow GenAI) preclude readiness. This is the gap to close on the path to ISO/IEC 42001 readiness — not a passing posture.
Security posture is moderate and platform-strong (MFA, encryption). Conditional pending vendor/model-provider risk inclusion and remediation of the video-leasing advisory + shadow-tool exposure.
Inventory of products is clear; the gap is a consolidated AI-feature inventory with data-access mapping and a shadow-AI sweep. Sound pending those.
| Asset | Kind | Owner | Adoption | Disposition | Flags |
|---|---|---|---|---|---|
| PerformanceHQ: Unified platform (training, policy, surveys, insights) | application | Product / Eng | 95% | retain | internet |
| Training / LMS: 600+ industry courses incl. fair housing | application | Learning & Enablement | 90% | retain | internet |
| Policies platform: 1,000+ policies/forms, e-sign, compliance dashboard | application | Compliance | 85% | retain | internet |
| KingsleySurveys / Kingsley Index: 35-yr resident/employee survey + benchmark dataset | database | Data / Insights | 80% | retain | — |
| Reputation Management: AI sentiment monitoring across review platforms | application | Product | 60% | retain | internet |
| Realync (video leasing): Virtual leasing / video tours | vendor-service | Product | 50% | retain | no-MFA, internet |
| CRM / GTM stack: Sales + customer data | vendor-service | Revenue | 70% | retain | internet |
| Analytics / benchmarking warehouse: Resident + employee analytics, model features | database | Data / Insights | 65% | retain | — |
| Unsanctioned GenAI tools (shadow): Staff using public LLMs for content drafting | application | (unowned) | 30% | tbd | no-MFA, unencrypted, internet |