Pauline Harrison

Appointed into a governance vacuum at a FTSE-listed global STEM workforce consultancy (£1.3bn revenue, 16 countries) with no documentation, no framework mapping, no regulatory tracking and no tooling. Built the entire AI governance function from zero — authoring the AI Policy, AI Management System (AIMS) Policy (ISO/IEC 42001) and AI Ethics Charter from scratch, and establishing multi-jurisdiction compliance infrastructure across UK, EU and US markets for an AEDT system.

Designed and deployed Jira epic and task structure across three jurisdictions, translating regulatory obligations into actionable development and compliance tasks. Built a proprietary multi-jurisdiction AI Artefact Tracker (evolved from Excel to a database application producing executive-level compliance reports — IP retained) and deployed the AI Governance Navigator (proprietary real-time regulatory intelligence tool) across all three markets.

Mapped obligations across five concurrent frameworks — NIST AI RMF, ISO/IEC 42001, OWASP GenAI Top 10, OWASP Agentic AI Top 10 and CSA AI Controls. Designed the AIIA to ISO/IEC 42005 standards with integrated risk management. Reported compliance posture to the COO-chaired AI Governance Committee, producing remedial roadmaps where gaps were identified.

Developed a practitioner framework for technical assurance of high-risk AI systems, operationalising NIST TEVV into executable testing methodology. Shared with the National Physical Laboratory. Currently working with Adam Leon Smith (Chair, BCS SIGiST) to present the framework to the ISO AI testing committee. Formalising as a Professional Doctorate: "Beyond Process Conformance: Developing a Practitioner Framework for Technical Assurance of High-Risk AI Systems under the EU AI Act.

Appointed as a ForHumanity Fellow in AI Testing and Governance, contributing to the development of audit frameworks, governance standards and compliance documentation as ForHumanity pursues formal accreditation as a designated EU AI Act auditing body. Contributed to documentation spanning AAA Systems Governance, AI Literacy Training, Independent Audit of AI Systems and EU AI Act Compliance Audit, with a focus on testing evidence, evaluation practices and ethical oversight.

Founded and leads a consultancy specialising in responsible AI governance for SMEs, advising organisations on compliant AI adoption and data protection aligned with UK guidance, the EU AI Act and international standards.

Clients include Everfit (health services for seniors), RevQote (AI in CRM systems), Cloud & Clear (Microsoft 365 AI implementation) and Deimos AI — providing AI governance, data protection and privacy controls embedded into AI rollouts across regulated and consumer-facing environments.

Conducts AI readiness, ethical risk and impact assessments applying ISO/IEC 42001 principles. Designs governance frameworks tailored to business maturity and risk tolerance, covering fairness, transparency, accountability and human oversight. Selects and combines frameworks — EU AI Act, NIST AI RMF, ISO/IEC 42001 — to meet client obligations and support accreditations.

Developed an AI testing framework for testers transitioning from traditional testing. Co-wrote AI literacy training content for ForHumanity used by trainers across organisations. Provides governance templates, toolkits and operating procedures designed for audit readiness and responsible AI adoption.

Monitors regulatory developments and translates requirements into practical guidance. Maintains IAPP AIGP certification and ForHumanity Fellowship.