REIGN · SPINE · ASSURANCE PACKS
Regulator-ready evidence packages.
Continuous Operational Assurance for Enterprise AI. Assurance Packs are the deliverables Reign Assurance ships. Industry-specific evidence by construction, mapped to the regulators your auditors will face.
Audits are passed on packaged evidence. Not on logs
Regulated industries do not pass an audit on the strength of their logs. They pass on the strength of evidence that is mapped, signed, and packaged in the format the regulator can read. Today, that packaging is a months-long manual exercise: pull data from logs, reconcile with audit trails, hand-build mapping tables to the framework citations, and assemble a submission document in the format the regulator expects. Compressed timelines make that manual exercise impossible.
- Logs are not evidence. Evidence is logs that have been mapped, signed, and packaged.
- Each regulator wants a different format: eCTD modules for FDA, DORA reporting templates for EU financial services, ISO 42001 audit packages for general AI risk.
- Mapping evidence to specific framework citations (21 CFR Part 11 §11.10, EU AI Act Article 12, AIGF risk #14) is repetitive, error-prone work.
- Cryptographic integrity is required end-to-end. From the original AI inference event through every transformation to the regulator hand-off.
- Compressed regulatory timelines (RAPID, FDA PCCP modifications, DORA incident reporting) mean evidence must be available continuously, not assembled retrospectively.
Reign Assurance Packs provide
Continuous assembly
Pulls from Audit Ledger (CAVR), Model Risk Validation, and AI Gateway automatically. No manual reconciliation.
Framework-mapped
Every evidence element is annotated with the specific regulatory citation it satisfies (21 CFR Part 11 §11.10, EU AI Act Art. 12, AIGF v2.0 risks, NIST AI RMF functions, ISO 42001 clauses).
Multi-format export
IND, NDA, BLA, 510(k), PCCP, DORA reporting templates, AIGF assurance reports, ISO 42001 audit packages. Exportable in the format the regulator ingests.
Cryptographic integrity
Hash-chained evidence preserved across handoffs to internal QA, external auditors, and regulators.
Custom packets
Customer-defined templates for joint submissions, audit responses, and partner-facing assurance.
On-demand generation
Available on demand. Submission-grade evidence is generated when needed, not assembled six weeks before filing.
The framework your industry answers to
Banking
SR 26-2 · OSFI E-23
Federal Reserve and OSFI model risk management. Independent challenge, validation, and ongoing monitoring evidence.
Life Sciences
FDA PCCP · 21 CFR Part 11 · GxP
Predetermined Change Control Plans, electronic records integrity, and Good Practice quality systems.
Capital Markets
FCA · MiFID II · DORA
UK FCA, EU MiFID II, and DORA operational resilience and AI/algorithm trading evidence.
Defense
NIST 800-171 · CMMC
CUI handling, supply-chain attestation, and CMMC Level 2 control evidence.
Templates available through the Design Partner Program
Submission-grade packs mapped to the frameworks regulators expect. New jurisdictions and templates added through design-partner sequencing.
Banking
SR 26-2 model risk, OSFI E-23, SEC 17a-4 WORM, FINRA 4511, SOX controls. Examination-ready packages mapped to the citations your auditors will face.
Capital Markets
DORA, FCA / MiFID II, US Treasury FS AI RMF, FFIEC examination packages, third-party AI vendor risk. Trading and algorithmic AI evidence by construction.
Life Sciences
HIPAA, FDA 21 CFR Part 11, GxP/GMP/GLP/GCP, FDA PCCP, IND/NDA/BLA/510(k) submission templates. Inspection-ready evidence assembled continuously.
Public Sector
NIST AI RMF (Govern/Map/Measure/Manage), NIST 800-171, CMMC Level 2, FedRAMP, ISO 42001 audit packages, CUI flow documentation. US and allied government procurement.
More industries available on request.
The regulator-facing output of the Reign Spine
Assurance Packs is the regulator-facing output of the Reign Spine. It consumes the continuous evidence stream from the Audit Ledger (CAVR), the model-version metadata from Model Risk Validation, and the policy decisions plus tool-call graph from the AI Gateway. It assembles all four Spine components’ outputs into a single, signed, regulator-ready submission artifact. Every Assurance Pack is reproducible. The same query against the same evidence corpus produces an identical, hash-verifiable artifact.
Mapped to the frameworks regulators expect
SR 26-2
Federal Reserve Revised Model Risk Guidance for U.S. banks (replacing SR 11-7).
OSFI E-23
Canadian OSFI Enterprise-Wide Model Risk Management.
21 CFR Part 11
Electronic records and signatures (life sciences submissions).
FDA IND / NDA / BLA / 510(k)
Submission templates and required artifacts.
FDA PCCP
Predetermined Change Control Plan submission documents.
EU AI Act Art. 11
Technical documentation for high-risk AI systems.
EU AI Act Art. 12
Record-keeping for high-risk AI systems.
ALCOA+
Data integrity attributes packaged into the submission artifact.
DORA Art. 28 + reporting templates
Third-party ICT incident and audit reports.
FCA / MiFID II
UK and EU capital markets supervisory reporting.
FINOS AIGF v2.0
Assurance reports aligned to FINOS AI Governance Framework v2.0 risk categories, including the new agentic risks. Coverage scope is documented per engagement.
ISO 42001
AI management system audit packages.
NIST AI RMF
Function-aligned reporting (Govern, Map, Measure, Manage).
NIST 800-171 / CMMC
Defense industrial base CUI and supply-chain controls.
Frequently asked questions
- What is in an Assurance Pack?
- A submission-grade artifact containing the evidence elements required by the chosen framework. For example, an FDA PCCP submission packet contains model version history, change-control packets, validation results, performance monitoring evidence, and the cryptographic chain linking every element to the original AI decision events. The exact contents are determined by the target framework and the customer’s submission scope.
- Which regulators and frameworks do you support?
- The first packet templates available through the design partner program cover SR 26-2, OSFI E-23, FDA 21 CFR Part 11, FDA PCCP, EU AI Act Art. 11 and Art. 12, ISO 42001, FCA/MiFID II, and FINOS AIGF v2.0 assurance. Additional templates for IND/NDA/BLA, DORA reporting, NIST AI RMF, NIST 800-171/CMMC, and 510(k) are sequenced into the design-partner roadmap.
- Can we customise the format?
- Yes. Customers and design partners author their own packet templates against the underlying evidence corpus. Joint-submission templates for partner-led filings (CRO, sponsor, system integrator) are first-class supported.
- Are Assurance Packs cryptographically signed?
- Yes. Every Assurance Pack is hash-chained from the original AI decision event through every transformation, with cryptographic signing at the artifact boundary. The integrity is verifiable independently.
- How long does pack generation take?
- On-demand. The evidence corpus is continuous, so pack assembly is a query against existing evidence in the Audit Ledger, not a retrospective reconstruction. Most submission packets generate in minutes to a few hours, depending on scope.
- How do I get access?
- Reign Assurance Packs are available by application through the Reign Design Partner Program. Design partners shape the packet templates, the framework mappings, and the export formats.
Reign Spine
Capabilities
Spine components
Submission-ready, not retrospective.
Reign Assurance Packs are available by application through the Reign Design Partner Program.