AI Risk Snapshot · Illustrative Report · Patent Pending (U.S. App. No. 64/057,822)
AI Governance Risk Snapshot
Meridian College
Prepared by Evolve Edge AI · evolveedgeai.com · For illustrative purposes only. Names, findings, and scores are representative examples.
Attestation & Assurance
Advisory Attestation — Evolve Edge AI
This AI Risk Snapshot was prepared by Evolve Edge AI using a structured, proprietary assessment methodology (U.S. Patent Application No. 64/057,822, Patent Pending). The findings, risk scores, and recommendations presented in this report are based on structured intake responses, evidence submitted by the client organization, and AI-assisted analysis validated by Evolve Edge's six-node scoring pipeline.
This report is intended for internal governance, board reporting, and executive planning purposes. It does not constitute a legal opinion, certified audit, or regulatory certification. Organizations should consult qualified legal counsel and certified auditors for regulatory submissions.
Strong Redemption LLC DBA Evolve Edge AI · Martinsburg, WV
U.S. Patent Application No. 64/057,822 · Patent Pending
AI Governance Maturity Score
Overall Posture
Defined — Moderate Risk
AI Governance Maturity · 5-level scale (Initial → Optimized)
Meridian College has documented basic AI governance policies and is aware of key risk areas. Core controls exist but are not consistently enforced or measured. Significant gaps remain in vendor AI oversight and shadow AI detection.
Peer Benchmark
Score of 47 places Meridian College in the bottom 40% among AI-adopting higher education institutions. The industry median is 61/100. Institutions in the top quartile (75+) have formal AI governance committees, documented model inventories, and quarterly board reporting.
Executive Summary
Summary for Leadership
Meridian College is using AI tools across admissions, advising, and administrative workflows but lacks the governance infrastructure to manage risk at scale. The primary concerns are uncontrolled shadow AI adoption (faculty and staff using personal AI tools for institutional work), insufficient vendor AI contract review, and an absence of formal AI incident response procedures.
Without intervention, the institution faces growing exposure to FERPA violations through AI-assisted data handling, reputational risk from undisclosed AI use in student-facing decisions, and potential accreditation scrutiny as AI governance becomes a standard board expectation.
The recommended path is a 90-day structured governance sprint: establish an AI Governance Working Group, implement a model and vendor inventory process, and deliver a board-ready AI Risk Statement before the next trustee meeting.
Risk Findings
Top Findings
Multiple departments are using consumer AI tools (ChatGPT, Claude, Gemini) to process student records, draft communications, and generate academic content without institutional awareness, data handling agreements, or FERPA review.
Risk Domain: Shadow AI · Data Privacy · FERPA
The institution has not established a process to review AI capabilities embedded in existing vendor contracts (SIS, LMS, CRM). Several core vendors have added AI features without formal notification or data processing amendments.
Risk Domain: Vendor Risk · Third-Party AI · Contract Management
The institution has no defined procedure for identifying, escalating, or responding to AI-related incidents including model errors in student-facing decisions, data exposure via AI tools, or vendor AI outages affecting operations.
Risk Domain: Governance · Incident Response · Operational Risk
AI tools are being used to support admissions screening, advising recommendations, and financial aid processing without adequate disclosure to students or documented human-in-the-loop review requirements.
Risk Domain: Fairness · Transparency · Student Rights
No centralized inventory of AI tools, models, or vendors exists. Leadership cannot determine what AI is in use, by whom, for what purpose, or under what data handling conditions.
Risk Domain: AI Inventory · Governance · Oversight
Compliance Mapping
Framework Coverage Assessment
FERPA
⚠️ Gap: AI tools handling student records without review or DPA coverage.
NIST AI RMF
⚠️ Partial: No formal GOVERN or MAP function implementation. MEASURE and MANAGE undefined.
EU AI Act (if applicable)
⚠️ Watch: Student-facing AI may meet high-risk thresholds under Article 6 as it scales.
ISO 42001
❌ Gap: No AI Management System established. Leadership commitment and scope not defined.
Remediation Roadmap
90-Day Action Plan
Days 1–30 — Immediate Actions
Establish AI Governance Working Group
Designate 5–7 member cross-functional group with clear scope, meeting cadence, and board reporting mandate. Appoint AI Governance Lead by Day 15.
Issue Shadow AI Use Policy
Issue interim guidance on approved AI tools, prohibited data categories (student PII, FERPA-protected records), and mandatory disclosure requirements for AI-assisted decisions.
Begin AI Tool and Vendor Inventory
Survey all departments for current AI tool usage. Cross-reference existing vendor contracts for AI features. Document each tool: purpose, data access, vendor DPA status, and department owner.
Days 31–60 — Foundation
Conduct Vendor AI Risk Reviews
Review top 10 vendor contracts for AI clauses, data processing amendments, and opt-out rights. Prioritize SIS, LMS, and CRM vendors. Request updated DPAs where needed.
Draft AI Incident Response Procedure
Define trigger conditions, escalation path, containment steps, and reporting requirements for AI-related incidents. Align with existing data breach response procedures.
Days 61–90 — Visibility
Deliver Board AI Risk Statement
Present a one-page AI Risk Statement to the Board of Trustees covering: current AI use inventory, key risks addressed, governance structure, and 12-month oversight plan. Positions institution as proactive with accreditors.