The Soma Index

The benchmark your board, your buyers, and your underwriters will measure you against.

When a procurement team or an underwriter asks where you stand, this is the scale they have in mind. The Soma Index benchmarks 335 enterprise firms on what they can verify under independent review — not what they claim in policy. The difference between a confident answer and a stalled deal.

Q1 2026 — Core Cohort Metrics

The median firm using third-party AI operates with an unmapped technological footprint. While 10-K risk disclosures regarding AI have risen sharply, internal operational controls remain decoupled from boardroom reporting.

The Scope Gap: 58% of top-quartile firms cannot track or verify the background AI sub-processors running inside their existing enterprise software stack.

The Oversight Void: 71% of benchmarked organizations operate with no named executive or committee explicitly assigned to manage AI risk and compliance.

The Policy Deficit: 64% possess a written AI policy on paper, but lack any repeatable, software-backed method to verify employee or vendor adherence.

Measure yourself — free

Two free ways to place your firm on the Index.

No email, no identity, nothing leaves your browser. See where you stand before a buyer, an underwriter, or your board asks.

90 seconds · 5 questions

The Signal Check

An instant peer-position card you can forward straight to your risk committee or general counsel.

28 controls · 10 minutes

The Structural Audit

A deeper self-scored read across the four NIST pillars, with your exposures circled live as you answer.

Sector Standings — Median Postures

We rank sectors on three dimensions: Governance, Mapping, and Measurement.

Governance covers accountability matrices; Mapping covers data-lifecycle control; Measurement covers repeatable technical auditing. Scores are the cohort median on a 0–100 control scale.

Rank  Sector                        Median Control Score
01    Financial Services            58/100
02    Healthcare & Life Sciences    51/100
03    Professional Services         46/100
04    Technology & SaaS             42/100
05    HR & Staffing                 31/100
06    Retail, Media & Consumer      28/100

Bars below 45 — the Unmonitored threshold — are flagged in red.

The Three Posture Profiles

Every firm tested via our diagnostics lands within one of three structural tiers.

Score < 45 · Unmonitored
AI adoption is organic, employee-driven, and managed entirely through standard vendor Terms of Service — without independent data-protection reviews.

Score 45–67 · Documented
An active legal policy and a vendor-tracking spreadsheet exist, but the firm lacks the independent verification assets required for enterprise procurement.

Score > 67 · Attested
Clear executive ownership, continuous third-party vendor mapping, and signed independent attestations that outside stakeholders take at face value.

Where do you land?

The Index is the baseline your posture is weighed against.

The $9,000 Stress Test places your firm on this scale in 48 hours — your real control structures, measured against the cohort, with $4,500 credited toward the signed attestation. Or benchmark yourself free in 90 seconds.
