Ask most IT teams how well-governed their technology estate is, and you’ll get a confident answer. Ask them to prove it and the confidence tends to evaporate. Not because the people are doing a poor job, but because the tools they rely on surface aggregates, not evidence. They tell you percentages. They don’t tell you which devices, which licenses, which accounts, and which AI systems are creating the risk. That gap between what IT governance frameworks require and what organisations can actually evidence is what ITAM Accelerate built Remora to close.
Remora: Introduction
Remora is a suite of three agentic recon agents, each grounded in the ITAM Accelerate process framework and aligned to ISO 19770, ISO 42001, NIS2, NCSC CAF, and FFIEC. The agents connect to an organisation’s existing IT management platform — ServiceNow, Flexera, or Xensam — interrogate the live estate, apply a rules engine across 99 governance processes, and return a prioritised findings register. Not a dashboard of amber RAG statuses. A list of specific things that are wrong, mapped to the process that governs them, with a recommended action and the regulatory obligation it speaks to.
The three agents cover distinct but complementary domains. The ITAM Recon Agent sweeps hardware and software — 44 processes spanning the full SAM, HAM process kit. From leaver assets not returned and ghost devices on the network through to publishers with no Effective License Position and contracts approaching renewal without a pre-negotiation compliance check. The Cloud CLMS Recon Agent covers 26 cloud lifecycle and FinOps processes — ungoverned accounts, un-blueprinted workloads, billing centres without owners, and contracts due for renewal with unused committed spend sitting unchallenged. The AI Governance Recon Agent applies 29 processes grounded in ISO 42001, with AI-05 — the AI Impact Assessment — as the keystone gate that no high-risk system may bypass.
Each agent surfaces findings filtered by vendor and product, so an ITAM manager preparing for an audit can pull every vendor-related finding in a single click. Each finding carries regulatory mapping, CSF and KPI content drawn from the ITAM Accelerate process kit, and a specific recommendation.
Do you remember our post: “Could you run SAM from your mobile phone?“. I believe we are getting there – and not just SAM.
Remora – Progress to date:
The progress to date has been substantial. All three agents are at v1.2, running in a deployable app bundle via Vercel and Electron. With a full technical specification ready for handover to a development partner who will connect the agents to live data. Design partner outreach is active, with prospects in financial services across the UK, Europe, and the US. HLD documents for Lansweeper and Tanium integrations, and a complete commercial model have all been developed alongside the product itself.
The production version — with live ServiceNow integration, scheduled sweeps, ServiceNow write-back, and multi-tenant AWS hosting — is the next milestone. But even in prototype form, Remora already does something most IT governance tools don’t. It looks at your actual estate and tells you, specifically, what’s wrong.
That turns out to be a surprisingly powerful thing.
I am proud to be part of this ITAM Accelerate initiative.