Governance & Accountability

Every production agent has a designated technical owner and a business owner, documented in an agent registry.

A named individual — not a team or a role queue — is the accountable risk owner for each agent. The risk owner has the documented authority to suspend the agent at any time without further approval, and is the point of contact for HI-AAF assessors during a Letter of Assessment.

Each agent has a published Agent Behavior Charter documenting intended purpose, authorized scope, permitted tools and data, prohibited actions, escalation paths, and review cadence.

The Behavior Charter is the controlling document for an agent in production. It captures the agent's intended purpose, authorized scope, permitted tools and data sources, prohibited actions, escalation paths, and review cadence. It is the single artifact an assessor reviews first and the document against which all other controls are measured.

An Agent Risk Register is maintained, scoring each agent on impact and likelihood, reviewed at least quarterly by accountable leadership.

The risk register captures, for each agent, the categories of harm the agent could cause, the likelihood and severity of those harms, the controls applied to reduce them, and the residual risk accepted by the risk owner. It is reviewed at a documented cadence — at least quarterly — by leadership with authority to accept, escalate, or remediate risks.

An AI Acceptable Use Policy is approved at executive level and acknowledged by all personnel involved in agent development, deployment, or operation.

The organization has a written AI Acceptable Use Policy that has been formally ratified by executive leadership and acknowledged by every individual involved in the agent lifecycle — development, deployment, and operations. The policy sets boundaries on what agents may be used for, how they may interact with customers and systems, and the obligations of personnel working with them.

A change management process governs material modifications to agent prompts, tools, model versions, or scope. Material changes require re-assessment under Domain 2.

Material changes to an agent — model swap, scope expansion, tool addition, prompt modification — require approval at a documented level before reaching production. The change management process defines what constitutes a material change, who approves it, and what re-assessment is triggered. Changes that bypass the process are treated as incidents.

Roles and responsibilities for the agent lifecycle (design, build, deploy, monitor, retire) are documented in a RACI or equivalent.

A documented responsibility matrix — RACI or equivalent — assigns clear ownership for every phase of the agent lifecycle: design, build, deploy, monitor, and retire. The matrix is current and covers all agents in scope. Ambiguity in who is responsible for a lifecycle phase is one of the most common findings in HI-AAF assessments.

Personnel involved in agent operations complete role-appropriate training on agent security and responsible AI at least annually.

Everyone involved in the agent lifecycle — developers, operators, reviewers, risk owners — receives training appropriate to their role on agent security, responsible AI practices, and the organization's AI policies. Training is refreshed at least annually and covers the specific risks and controls relevant to the agents those personnel work with.

Material AI agent risks are reported to executive leadership and, where appropriate, to the board on a defined cadence.

The board, or an equivalent designated governance committee, receives at a documented cadence (no less than annually for L3) a written report on the organization's AI agent estate: number of agents in scope, material incidents in the period, maturity trend, and any controls failing to operate.

Each agent has a documented decommissioning procedure covering data destruction, in-flight transaction handling, credential revocation, log retention, and removal from the agent registry.

Decommissioning an agent — including data disposal — follows a documented process and is logged. The procedure covers data destruction and retention per policy, in-flight transaction handling, affected-user notification, credential and authorization revocation, log retention post-retirement, and removal from the agent registry. Decommissioning evidence is retained for audit.

A coordinated vulnerability disclosure (CVD) process is published, including intake channel, acknowledgment SLA, triage and remediation timelines, and safe-harbor language.

The organization publishes a coordinated vulnerability disclosure process for its AI agents and supporting infrastructure. The process includes a public intake channel, an acknowledgment SLA, documented triage and remediation timelines, and safe-harbor language for good-faith researchers. CVD findings flow into the change management process under GOV-05.

For agents classified as high-risk under applicable regulation, a technical documentation pack equivalent to EU AI Act Annex IV is maintained and updated on material change.

For each agent classified as high-risk under applicable regulation (e.g., EU AI Act Annex III), a technical documentation pack is maintained covering system description, design specifications, data governance, monitoring evidence, accuracy and robustness metrics, and risk-management process records. The pack is updated on every material change and is available for regulatory inspection.