The ten-minute diagnostic tells you whether your firm has a governance gap. This kit tells you exactly where the gaps are and how to close them.
What’s in the Kit
The Legal AI Deployment Evaluation Kit is a structured, scored assessment framework distilled from NIST AI RMF, ISO/IEC 42001, and the OWASP Top 10 for LLM Applications. It contains 78 assessment items organized into five modules, each with detailed scoring rubrics, red flag indicators, evidence checklists, and write-in sections for documenting your findings.
Module 1: Data governance and client confidentiality (18 items) Data flow mapping, privilege and confidentiality controls, data retention and deletion, including the model inversion and data extraction tests that most vendors have never been asked about.
Module 2: AI-specific security risks (15 items) Prompt injection, sensitive information disclosure, supply chain and model integrity, mapped directly to the OWASP Top 10 for LLM Applications (2025) and filtered for the risks most relevant to legal practice.
Module 3: Governance and accountability (20 items) AI governance structure, human oversight and professional responsibility, vendor accountability, and a full shadow AI audit covering technical controls, sanctioned tool lists, and no-fault disclosure mechanisms.
Module 4: Output reliability and professional competence (10 items) Hallucination management, accuracy benchmarks, and bias testing to protect you from the malpractice scenario where an AI tool fabricates case law and nobody catches it before filing.
Module 5: Incident response and business continuity (15 items) AI-specific incident response plans, business continuity and vendor dependence, and a full insurance alignment assessment covering malpractice, cyber coverage, and financial exposure analysis.
The kit also includes a 390-point scoring system with four readiness levels, a red flag tracker with owner assignments and target dates, and a 90-day action plan template that breaks remediation into three phases: Stabilize, Build, and Operationalize.
Who This Is For
The kit is built for managing partners, general counsel, legal ops leaders, and CISOs at firms that are deploying AI tools or evaluating them. If your firm has already taken the free diagnostic and scored below 40, the full kit is the next step.
Start With the Diagnostic
If you haven’t taken the free ten-minute diagnostic yet, please start there . It samples ten questions from the full kit and gives you a baseline score in about ten minutes. If you score above 40, you may not need the full kit.
Self-Service Evaluation – $500
The full 78-item evaluation kit, self-directed. You work through each module at your own pace, score your firm against the rubrics, and use the 90-day action plan to prioritize remediation.
The kit runs locally in your browser and automatically saves your progress. A Governance Assessment Report is automatically generated at the end of the evaluation, which you can save as a PDF. No data is transmitted, no account is required, and nothing is stored on our servers. This is deliberately designed to be a privacy-first evaluation tool for firms that take data governance seriously.
What you get:
- 78 scored assessment items across 5 modules
- Detailed scoring rubrics for each item (0–5 scale, 390 total points)
- Red flag indicators that surface the highest-priority risks
- Evidence checklists specifying what documentation to look for
- Write-in sections for findings and notes
- Red flag tracker with owner assignments and target dates
- 90-day action plan template (Stabilize, Build, Operationalize)
- A documented governance posture you can show to clients and insurers
Guided Evaluation
For firms that want an expert in the room, particularly those scoring below 25 on the diagnostic.
The guided evaluation includes everything in the self-service kit, plus my direct involvement in interpreting your results and building a remediation roadmap specific to your firm’s risk profile and practice areas. Scope and deliverables are tailored to the engagement. A typical engagement includes a scoping call, assessment review, a working session, a written remediation roadmap, and follow-up.
If you’re interested in a guided evaluation, please reach out to schedule an intro call: consult@tosibriefs.com
The Legal AI Deployment Evaluation Kit is an educational self-assessment framework. It does not constitute legal advice, compliance certification, or a guarantee of security. Organizations should consult qualified legal and cybersecurity professionals for guidance specific to their circumstances. Framework references (NIST AI RMF, ISO/IEC 42001, OWASP Top 10 for LLM Applications) are used for educational purposes; this tool is not endorsed by or affiliated with NIST, ISO, or OWASP.