USIAIS issues two distinct certifications. The Product Assessment evaluates a single AI system or product. The Company Assessment evaluates the AI governance practices of an organization. Both are scored on a 0-100 scale and reported with a letter grade, a domain breakdown, an issue log, and a set of recommendations. Each carries a verification number that can be checked against our public record.
This piece explains what each of those assessments actually looks like in practice. The full methodology documents are forthcoming; what follows is a description of the shape of the work.
The Product Assessment
A Product Assessment is a desk review. We receive a documentation package from the client: model cards, system cards, deployment context, intended use, prohibited uses, safety controls, evaluation results, incident history, and any other artifacts that describe the product. We supplement this with publicly-available information about the product where it exists.
We then score the product across several domains. The current draft framework includes domains for intended use specification, deployment-context appropriateness, safety controls, evaluation rigor, transparency artifacts, incident response capability, and update governance. Each domain is scored independently against published criteria, then aggregated into a single 0-100 score with a letter grade applied per our published scale.
The output is a written report. The report contains the score, the grade, the domain breakdown, an issue log enumerating each finding that affected the score, and a set of recommendations. The recommendations are concrete. They are addressed to specific items in the issue log. They are not "improve your safety practices generally."
A Product Assessment takes approximately one week of elapsed time and is priced at $5,000. The seal issued, if the product passes, is valid for twelve months.
The Company Assessment
A Company Assessment is an organizational review. It includes a documentation review similar to the Product Assessment but extends beyond it. We conduct structured interviews with relevant personnel — typically including AI governance leadership, security and risk, model owners, and operational leadership. We review processes: how the organization decides what AI to deploy, how it monitors what is deployed, how it responds when something goes wrong, how it trains its people.
The scoring framework spans broader domains than the Product Assessment. The current draft includes domains for governance structure, intake and review processes, model inventory and lifecycle management, monitoring and incident response, training and awareness, third-party risk, and transparency. The same scoring discipline applies: domain-level scores aggregated into a 0-100 organizational score with a letter grade.
The output again is a written report, but it includes an additional component: a twelve-month roadmap. The roadmap identifies the highest-leverage improvements the organization can make over the assessment year and prioritizes them. The intent is that an organization receiving a B-grade assessment has a clear, dated path to an A on the next assessment cycle if it chooses to take it.
A Company Assessment takes approximately four weeks of elapsed time and is priced at $25,000. The seal issued, if the company passes, is valid for twelve months.
What an assessment does not do
Both assessments are scoped deliberately, and it is worth being explicit about what they do not cover.
An assessment is not a security audit. Security posture is in scope where it intersects with AI deployment specifically; general infosec assessment is not. Organizations seeking a comprehensive security review should engage a security auditor for that purpose.
An assessment is not a legal opinion. We can evaluate whether an organization has processes in place to meet regulatory obligations, but we do not opine on whether specific deployments comply with specific regulations. That work belongs to counsel.
An assessment is not a prediction. We can evaluate the practices that are in place at the time of assessment. We cannot predict whether the organization will continue to operate them well, or whether a particular product will perform safely in deployment over the next twelve months. The seal is a snapshot, not a guarantee.
Why this works
The discipline that makes any of this useful is that the methodology is published. Anyone reading our report can trace each finding back to a criterion they could read for themselves. Anyone disagreeing with a finding can engage with the specific criterion that produced it. The argument moves to where it ought to be — about the criteria themselves, and about how they were applied — instead of about the credibility of the assessor.
This is the discipline of every legitimate assessment institution. We do not invent it. We adopt it. And we will hold ourselves to it, including in the cases where it is uncomfortable. Companies and products may, and do, receive failing grades. That is the only way the practice is worth anything.