Inventory
Write down every AI system in use including standalone tools, AI features baked into your everyday SaaS and custom integrations. Comes pre-stocked with the most common “hidden AI” surfaces.
Open the InventoryCAIRN — Canadian AI Risk & Navigation — a free, lightweight tool for small and medium organizations in Canada that want to govern their AI use.
A cairn is a stack of stones that marks the path through unfamiliar terrain. Walkers build them for each other. It helps you mark what you've seen, what you've decided, and where you're going.
Write down every AI system in use including standalone tools, AI features baked into your everyday SaaS and custom integrations. Comes pre-stocked with the most common “hidden AI” surfaces.
Open the InventoryDefine what AI must never do in your organization. Start from a preset list of common boundaries and edit the wording until it matches how your team actually functions.
Open RedlinesPull your Inventory and Redlines into a Responsible AI policy template. Download a Word file to circulate and sign, or a plain-text version to upload to your AI assistant when you want to ask questions about your own policy.
Open PolicyPer-system check-in worksheets on a configurable cadence: bias spot-checks, drift indicators, data-leakage probes, PIPEDA exposure, redline conformance.
Released by the U.S. National Institute of Standards and Technology in January 2023, the AI RMF is a free, public framework with four core functions: Govern, Map, Measure, and Manage. CAIRN's modules each align with one of these functions.
The AI Governance Network (AIGN) maintains an SME-focused framework with practical tools including the Agentic Risk & Goal Canvas, the Redline Canvas, and a Trust Scan. CAIRN's Redlines module is directly inspired by this work.
AIGN SME & Startup AI Governance FrameworkCanada's federal, provincial, and territorial privacy regulators jointly released Principles for responsible, trustworthy and privacy-protective generative AI technologies, interpreting PIPEDA and provincial privacy law in the context of generative AI. CAIRN's PIPEDA flags and several preset redlines reflect these principles.
OPC — Privacy and AIEverything you enter into CAIRN is stored in your browser's local storage on the device where you entered it. There's no server, no account, nothing uploaded. If you clear your browser data, you'll lose what you entered — so export to a JSON file regularly using the Export button on any page.
To move your governance record between devices or share it with a colleague, export the JSON file and import it on the other device. Treat the file like any other internal document (it describes sensitive aspects of how your organization runs).
CAIRN doesn't monitor AI tool usage live, doesn't scan your network for shadow AI, and isn't legal advice. It's a structured workbook, not a security product. Treat its outputs as drafts that need human review — including review by a qualified lawyer before you rely on any of it for compliance purposes.
If you want to wipe everything stored in this browser and start over.
CAIRN is made by Lavinia Labs, a small Hamilton studio building practical tools, training, and onboarding for small Canadian teams. Stop by our website and say hello!
Learn More