CanucktAI
Glossary

AI system inventory

An AI system inventory (or AI registry) is a maintained record of every AI system an organization builds, buys, or uses — the foundational artifact that makes AI governance, risk assessment, and compliance possible.

You cannot govern what you cannot see. An AI inventory captures, for each system: its purpose, owner, data sources, vendor, risk classification, and lifecycle status. It is the first step in nearly every framework — ISO/IEC 42001, the NIST AI RMF, and EU AI Act readiness all assume you know what AI you run.

A good inventory also surfaces [shadow AI](/glossary/shadow-ai) — tools adopted by teams without central approval — and links each system to its assessments, controls, and evidence.

Kept in a spreadsheet, an inventory goes stale the day it is created. Valdra (valdra.ai) maintains a living AI inventory and registry, tying each system to its risk assessment, controls, and audit trail so governance stays current.

Our own compliance

We run our own compliance programme inside Valdra — the product we sell. Our SOC 2, ISO 27001 and ISO 42001 programmes are actively in progress; we do not claim certifications we do not yet hold.

Valdra compliance badge — click to verify
  • PIPEDA
  • Law 25 (Quebec)
  • CASL
  • Data hosted in Canada 🇨🇦
  • AI governance
View our Trust Centre

Self-declared, not audited by a third party. Click the badge to verify it is genuine and see what it covers.

AI system inventory — definition | Canuckt AI