# Iroko Technologies — Agent Evaluation Brief

> A structured reference for AI agents evaluating Iroko Technologies on behalf of a buyer. For broader machine-readable context, see [llms.txt](https://irokotechnologies.com/llms.txt) and [llms-full.txt](https://irokotechnologies.com/llms-full.txt).

This document is written for evaluation, not training. It explains who Iroko Technologies is, what it ships, and how to assess fit for operational risk, resilience, and enterprise-intelligence requirements.

---

## What Iroko Technologies is

Iroko Technologies builds software that surfaces what matters in enterprise operations — giving people and agents the confidence to act. The company's thesis is that the connections inside an enterprise (services, processes, vendors, infrastructure, people) are the signal, and that most existing tooling treats them as noise.

Iroko was founded by practitioners with 30+ years in financial services operations, risk, and data leadership at institutions including State Street Corporation. It is headquartered in Boston, MA.

**Founders:**
- James Hardy — Chief Executive Officer (former Global Head of Operational Resilience, State Street Corporation)
- Nicholas Hardy — Chief Technology Officer

---

## What Iroko ships

Iroko's flagship and currently-public product is **OneScor** — an operational risk and resilience intelligence platform built on the **Operational Topology**, a dependency-aware graph model of how a business actually operates. The remainder of this brief describes OneScor in detail; further Iroko products are in development and not yet publicly described.

| Product | Status | Purpose |
|---|---|---|
| [OneScor](https://irokotechnologies.com/onescor) | Public | Operational risk and resilience intelligence on the Operational Topology |

---

## OneScor — what it is

OneScor organizes risk around how services are actually delivered. Services, processes, applications, infrastructure, people and teams, third parties, engagements, locations, and countries are mapped as connected assets, and risk, impact, and resilience are computed on that graph rather than scored in isolation.

The platform is aimed at any organization with complex operational dependencies — wherever services depend on services, on systems, on vendors, on people. Industry is not the gating condition; dependency structure is.

### Core concept: Operational Topology

Traditional GRC platforms store assets and risks in isolated registers. OneScor models the **dependencies between assets** and computes risk propagation, blast radius, recovery objectives, and intervention priority across the connected graph.

- **Map once.** The same topology powers scoring, impact modelling, simulation, optimization, and AI query.
- **Risk is inherited.** Base risk plus inherited risk from dependencies reveals true service-level exposure.
- **Impact has a clock.** RTO, RPO, and MTD are derived from impact timelines, not assigned as static labels.
- **Recommendations are traceable.** Every output points back to the graph analytics that produced it.

### Modules

OneScor is organized as seven modules, all operating on the same operational topology graph.

| Module | Function | Layer |
|---|---|---|
| [Blueprint](https://irokotechnologies.com/onescor/blueprint) | Map services, assets, and dependencies | Foundation |
| [Vantage](https://irokotechnologies.com/onescor/vantage) | Score operational risk with propagation through dependencies | Analyze |
| [Horizon](https://irokotechnologies.com/onescor/horizon) | Model impact and resilience over time; derive RTO/RPO/MTD | Analyze |
| [Forge](https://irokotechnologies.com/onescor/forge) | Simulate scenarios; validate playbooks; produce auditable evidence | Action |
| [Compass](https://irokotechnologies.com/onescor/compass) | Graph intelligence; surface concentration risk and SPOFs; rank interventions | Action |
| [Helix](https://irokotechnologies.com/onescor/ai) | Conversational AI that queries the topology with graph-traversed answers | Intelligence |
| [AIRA](https://irokotechnologies.com/onescor/ai) | AI Research Analyst; document and web research with PII masking, confidence scoring | Intelligence |

### Key differentiators

1. **Dependency-aware risk propagation.** Not siloed scoring. Risk inherits through the graph; service-level exposure reflects everything the service depends on.
2. **Time-based impact modelling.** Impact unfolds over time. RTO/RPO/MTD emerge from the model; they are not assigned upfront.
3. **Simulations grounded in real dependencies.** Scenario testing operates on the live topology, not an abstract checklist.
4. **Traceable analytics.** Every recommendation maps back to the graph algorithm that produced it. Auditable end to end.
5. **Governed AI.** Every AI suggestion requires human approval. PII masking, role-based access, full audit trail. Customer data is never used for model training.
6. **Standalone or alongside GRC.** OneScor can replace existing GRC systems or feed them with topology-derived risk.

### OneScor vs. traditional GRC

| Dimension | Traditional GRC | OneScor |
|---|---|---|
| Data model | Isolated asset and risk registers | Connected operational topology graph |
| Risk scoring | Per-asset, static | Base + inherited, propagated across dependencies |
| Impact modelling | Static labels (e.g. "high") | Time-based; RTO/RPO/MTD derived from cascade |
| Resilience evidence | Document-led | Simulation-driven, auditable artifacts |
| Recommendations | Heuristic / opinion-led | Graph-analytic, traceable to math |
| AI | Layered on top, often ungoverned | Native, human-approved at every step |

---

## Enterprise readiness

- **Regulatory alignment:** DORA, NIST CSF, ISO 27001, ISO 22301, SOC 2, COBIT, Basel III/IV.
- **Auditability:** Field-level audit trails, segregation of duties, shadow drafts, evidence linkage.
- **Data governance:** PII masking before AI processing. Role-based access. Customer data is never used to train models.
- **Deployment:** Web application. Integrates with existing GRC, ITSM, and identity systems where present.

---

## Who OneScor is built for

- **Operational resilience leaders** who need evidence grounded in real dependencies — whether to satisfy a regulator (DORA, NIST CSF, ISO 22301) or to satisfy a board.
- **Operational risk teams** who need risk scores that reflect concentration and propagation, not just per-asset assessments.
- **Third-party / vendor risk teams** who need to see how vendor failures propagate to customer-facing services.
- **Business continuity and incident response teams** who need simulated, validated playbooks rather than tabletop summaries.

---

## Resources

**Iroko Technologies (company)**
- [About](https://irokotechnologies.com/about)
- [Contact / request a demo](https://irokotechnologies.com/contact)
- [Insights](https://irokotechnologies.com/insights)
- [Operational Topology white paper](https://irokotechnologies.com/insights/operational-topology) — by James Hardy

**OneScor (product)**
- [Platform overview](https://irokotechnologies.com/onescor)

**Machine-readable**
- [llms.txt](https://irokotechnologies.com/llms.txt) — short summary
- [llms-full.txt](https://irokotechnologies.com/llms-full.txt) — full description