Model/System Card - Governed Triage
Scope, known limitations, risk boundaries, and approval requirements.
Download cardMachine-Citable Summary
- AI governance posture is mapped to ISO/IEC 42001 management system structure.
- System cards are versioned and linked to measurable controls.
- Evaluation lifecycle uses golden sets, drift monitoring, and audit trace checks.
- High-risk actions require human approvals and emergency revocation readiness.
AI Governance
AI management system posture (ISO/IEC 42001-aligned)
This page describes how governance is executed in operations: policy ownership, measurement plans, system cards, evaluation routines, and change controls.
AIMS alignment map
| AIMS section | Operational posture | Evidence source |
|---|---|---|
| Leadership | Governance ownership and risk accountability are assigned before deployment. | /ai-charter and /governance-model |
| Planning | Risk and control plans are defined with measurable targets and review cadence. | Funding package measurement plans and risk register artifacts |
| Support | Operational runbooks, role scopes, and evidence repositories are versioned. | /artifacts and reviewer packs |
| Operation | Policy-gated execution with human approvals for high-risk actions. | /security/human-in-the-loop |
| Performance evaluation | Golden set checks, drift monitoring, and trace coverage reporting are continuous. | /security/logging-audit and package eval plans |
| Improvement | Control failures trigger corrective actions, drills, and policy updates. | Incident response templates and governance review records |
System/model cards
Model/System Card - Private Knowledge Ops
Retrieval constraints, source-citation requirements, and drift controls.
Download cardModel/System Card - Sovereign AI Pod
Residency assumptions, identity controls, and emergency revocation behavior.
Download cardEvaluation lifecycle
Golden set checks
Benchmarked prompts and scenarios validate task quality and policy compliance before rollout.
Drift monitoring
Runtime variance in quality and confidence is monitored with alert thresholds and weekly review.
Trace coverage
Reviewer exports include request IDs, agent identities, tool scopes, and approval outcomes.
Corrective action
Failing controls trigger rollback, remediation owners, and a dated improvement plan.