Assessment instrument
Control catalog
A minimum control baseline for a bounded V.E.N.K.A.T implementation. Extend it for sector, jurisdiction, and system risk; preserve IDs and applicability decisions for traceability.
Tracking schema
Fields for every assessment record
Record integrity: evidence must be attributable, relevant to the assessment period, protected from unauthorized change, and reproducible by an independent assessor. A policy alone proves design—not operation.
Verified Data
Trusted inputs, lineage, quality, and lawful use.
| ID | Control requirement | Criticality | Minimum evidence | Certification test |
|---|---|---|---|---|
| V-01 | Decision-critical data has an accountable owner, approved business definition, semantic and structural contract, classification, and permitted-use statement. | Critical · Gate | Inventory, glossary/taxonomy links, contracts, approvals, classifications | Sample decisions; trace every critical input to its definition, semantics, current contract, source, and owner. |
| V-02 | Automated quality and freshness checks block, quarantine, or safely degrade on threshold breach. | Critical · Gate | Rules, SLOs, run results, alerts, disposition logs | Inject invalid and stale records; observe enforced response. |
| V-03 | End-to-end lineage and provenance connect source, transformations, model context, decision, and retained outcome. | High | Lineage graph, trace samples, change history | Reconstruct sampled outcomes without implementer assistance. |
| V-04 | Access, minimization, retention, deletion, and bias/privacy monitoring are risk-based and periodically reviewed. | High | Access reviews, DPIA, retention runs, bias results | Test unauthorized access and sample retention/deletion execution. |
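The V-02 certification test ("inject invalid and stale records; observe enforced response") in runnable form. This is an added example, not part of the catalog or any particular implementation: the rule names, the 15-minute freshness SLO, the 20% batch quarantine limit, the fixed clock and the sample records are all constructed for illustration. It shows the three enforced dispositions the control names: quarantine (record-level), safe degrade (stale but well-formed) and block (batch-level threshold breach).

```python
# Added example (not part of the catalog): an automated quality and freshness
# gate in the shape V-02 requires. Rule names, thresholds, the freshness SLO,
# the batch quarantine limit, the clock and all records are constructed.
from datetime import datetime, timedelta, timezone

FRESHNESS_SLO = timedelta(minutes=15)        # assumed SLO for this feed
BATCH_QUARANTINE_LIMIT = 0.20                # assumed: above this share, block the batch
CLOCK = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock, reproducible run

# Record-level rules: (rule name, predicate). A failing predicate quarantines the record.
RULES = [
    ("schema", lambda r: {"id", "price", "ts"} <= set(r)),
    ("price_range", lambda r: 0 < float(r["price"]) < 1_000_000),
]

def check_record(record, now=CLOCK):
    """Return the enforced disposition for one record: accept, degrade or quarantine."""
    for name, predicate in RULES:
        try:
            ok = bool(predicate(record))
        except (KeyError, TypeError, ValueError):
            ok = False                       # a rule that cannot evaluate is a failure
        if not ok:
            return {"id": record.get("id"), "disposition": "quarantine", "rule": name}
    try:
        age = now - datetime.fromisoformat(record["ts"])
    except ValueError:
        return {"id": record["id"], "disposition": "quarantine", "rule": "timestamp"}
    if age > FRESHNESS_SLO:
        # Stale but well-formed: usable only in a flagged, safely degraded mode.
        return {"id": record["id"], "disposition": "degrade", "rule": "freshness",
                "age_minutes": int(age.total_seconds() // 60)}
    return {"id": record["id"], "disposition": "accept", "rule": None}

def gate_batch(records, now=CLOCK):
    """Apply record checks, then the batch-level threshold: if too many records are
    quarantined the whole batch is blocked and nothing is released downstream."""
    log = [check_record(r, now) for r in records]
    quarantined = sum(1 for d in log if d["disposition"] == "quarantine")
    share = quarantined / len(log) if log else 0.0
    blocked = share > BATCH_QUARANTINE_LIMIT
    return {
        "blocked": blocked,
        "quarantine_share": share,
        "released": [] if blocked else [d["id"] for d in log if d["disposition"] == "accept"],
        "degraded": [] if blocked else [d["id"] for d in log if d["disposition"] == "degrade"],
        "disposition_log": log,                # evidence for the disposition log V-02 asks for
    }

def certification_run():
    """Inject invalid and stale records (constructed) into two batches: one that
    breaches the batch threshold and one that does not."""
    r1 = {"id": "r1", "price": "42.50", "ts": "2024-05-01T11:55:00+00:00"}  # fresh, valid
    r2 = {"id": "r2", "price": "-1", "ts": "2024-05-01T11:58:00+00:00"}     # invalid price
    r3 = {"id": "r3", "price": "19.99", "ts": "2024-05-01T09:00:00+00:00"}  # stale by 3 h
    r4 = {"id": "r4", "ts": "2024-05-01T11:59:00+00:00"}                    # missing price
    r5 = {"id": "r5", "price": "7.00", "ts": "2024-05-01T11:50:00+00:00"}   # fresh, valid
    r6 = {"id": "r6", "price": "3.25", "ts": "2024-05-01T11:57:00+00:00"}   # fresh, valid
    return {
        "breach": gate_batch([r1, r2, r3, r4, r5]),    # 2 of 5 quarantined: batch blocked
        "healthy": gate_batch([r1, r2, r3, r5, r6]),   # 1 of 5 quarantined: released
    }
```

An assessor checking V-02 should look for exactly this shape of evidence: a rule failing on a specific record, a stale record visibly flagged rather than silently used, and a batch-level breach that stops the release rather than only raising an alert.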
Event-Driven Architecture
Reliable, attributable, recoverable operational signals.
| ID | Control requirement | Criticality | Minimum evidence | Certification test |
|---|---|---|---|---|
| E-01 | Critical events have owned, versioned schemas, semantics, keys, compatibility policy, and producer/consumer inventory. | Critical · Gate | AsyncAPI/schema records, compatibility results, ownership | Attempt incompatible change and confirm prevention or managed migration. |
| E-02 | Consumers safely handle duplicate, late, missing, malformed, and out-of-order events. | Critical · Gate | Idempotency design, test runs, DLQ records | Inject each failure mode and verify no unsafe duplicate action. |
| E-03 | Critical event paths have latency, availability, lag, loss, and recovery SLOs with actionable monitoring. | High | Dashboards, alerts, incidents, SLO reviews | Trace event latency end to end and observe threshold alert. |
| E-04 | Retention, replay, recovery, and dead-letter operations are authorized, auditable, and exercised. | High | Runbooks, access logs, recovery exercise | Perform controlled replay and reconcile resulting actions. |
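The E-02 certification test ("inject each failure mode and verify no unsafe duplicate action") as runnable code, with the controlled replay that E-04 calls for. This is an added example, not catalog text or any product's client library: the stream, keys, per-key sequence numbers and event types are constructed, and Consumer and handle are hypothetical names. The consumer deduplicates on event_id, refuses to regress per-key state on late or out-of-order delivery, flags sequence gaps for reconciliation, and dead-letters malformed events before touching any state.

```python
# Added example (not part of the catalog): a consumer that satisfies E-02 and
# the certification run that injects each failure mode. The stream, keys,
# sequence numbers and event types are constructed; Consumer/handle are
# hypothetical names, not a real broker client.
from dataclasses import dataclass, field

REQUIRED_FIELDS = {"event_id", "key", "seq", "type", "payload"}

@dataclass
class Consumer:
    seen_ids: set = field(default_factory=set)     # idempotency keys already processed
    last_seq: dict = field(default_factory=dict)   # highest per-key sequence applied
    actions: list = field(default_factory=list)    # side effects actually taken
    dlq: list = field(default_factory=list)        # dead-lettered events with reason
    gaps: dict = field(default_factory=dict)       # per-key count of missing sequence numbers

    def handle(self, event: dict) -> str:
        # Malformed: dead-letter before any state change, so nothing is half-applied.
        if not REQUIRED_FIELDS <= set(event) or not isinstance(event["seq"], int):
            self.dlq.append((event, "malformed"))
            return "dlq"
        eid, key, seq = event["event_id"], event["key"], event["seq"]
        # Duplicate delivery (at-least-once transport or replay): no second side effect.
        if eid in self.seen_ids:
            return "duplicate"
        prev = self.last_seq.get(key, 0)
        if seq <= prev:
            # Late or out-of-order: a newer event for this key was already applied,
            # so acting now would regress state. Remember it, do nothing.
            self.seen_ids.add(eid)
            return "stale"
        if seq > prev + 1:
            # Missing intermediate event(s): flag for reconciliation, still apply
            # this one because per-key state follows the latest sequence.
            self.gaps[key] = self.gaps.get(key, 0) + (seq - prev - 1)
        self.seen_ids.add(eid)
        self.last_seq[key] = seq
        self.actions.append((key, seq, event["type"]))
        return "applied"

def certification_run() -> dict:
    """Inject duplicate, missing, out-of-order and malformed events (constructed),
    then replay the whole stream and confirm no new side effects occur."""
    c = Consumer()
    stream = [
        {"event_id": "e1", "key": "order-1", "seq": 1, "type": "captured", "payload": {}},
        {"event_id": "e1", "key": "order-1", "seq": 1, "type": "captured", "payload": {}},   # duplicate
        {"event_id": "e3", "key": "order-1", "seq": 3, "type": "refunded", "payload": {}},   # seq 2 missing
        {"event_id": "e2", "key": "order-1", "seq": 2, "type": "captured", "payload": {}},   # late / out-of-order
        {"event_id": "e4", "key": "order-2", "seq": "1", "type": "captured", "payload": {}}, # malformed seq
        {"event_id": "e5", "key": "order-2", "type": "captured"},                             # missing fields
    ]
    results = [c.handle(e) for e in stream]
    actions_after_first_pass = list(c.actions)
    dlq_after_first_pass = len(c.dlq)
    for e in stream:                      # controlled replay (E-04): must add no actions
        c.handle(e)
    return {
        "results": results,
        "actions": actions_after_first_pass,
        "dlq": dlq_after_first_pass,
        "gaps": dict(c.gaps),
        "replay_new_actions": len(c.actions) - len(actions_after_first_pass),
    }
```

The reconciliation step for E-04 is the last number returned: a replay over an idempotent consumer must produce zero new actions, and any non-zero value is a finding. In production the seen_ids and last_seq state lives in a durable store written in the same transaction as the side effect; keeping them in memory here only keeps the example self-contained.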
Native Spatial Intelligence
Valid location, topology, routing, and jurisdictional context.
| ID | Control requirement | Criticality | Minimum evidence | Certification test |
|---|---|---|---|---|
| N-01 | Spatial data records authoritative source, timestamp, CRS, units, precision, uncertainty, and permitted use. | Critical · Gate | Metadata, contracts, catalog and sample payloads | Sample spatial decisions and verify complete, correct metadata. |
| N-02 | Routes and location actions enforce physical, safety, temporal, legal, and jurisdictional constraints. | Critical · Gate | Constraint registry, route tests, approvals | Attempt restricted-zone, over-limit, and infeasible routes. |
| N-03 | Topology, geofence, boundary, CRS transformation, and edge-case accuracy are validated before release. | High | Benchmark suite, defect log, release results | Run known boundary/CRS cases and compare expected outputs. |
| N-04 | Location privacy and degraded-position behavior are risk-based, transparent, and tested. | High | Privacy assessment, masking tests, fallback runbook | Lower confidence and verify safe fallback; test unauthorized precision. |
Knowledge Graphs
Governed semantics, claims, relationships, and inference.
| ID | Control requirement | Criticality | Minimum evidence | Certification test |
|---|---|---|---|---|
| K-01 | Ontology/schema, competency questions, identifiers, change authority, and versioning are approved and owned. | Critical · Gate | Ontology, decision log, ownership, versions | Trace a schema change through review, migration, and consumers. |
| K-02 | Material claims and relationships retain source, time, confidence, and inference status. | Critical · Gate | Provenance model, query samples, validation reports | Trace sampled asserted and inferred claims to sources. |
| K-03 | Graph constraints, identity resolution, conflicts, temporal validity, and inference rules are continuously tested. | High | SHACL/rule tests, conflict queue, accuracy sample | Insert conflicting identities/claims and verify detection. |
| K-04 | Authorization applies to nodes, edges, attributes, queries, exports, and derived sensitive knowledge. | High | Policy, entitlement review, query audit | Attempt cross-boundary query and inference; confirm denial and log. |
AI Orchestration
Bounded, observable, interruptible agent behavior.
| ID | Control requirement | Criticality | Minimum evidence | Certification test |
|---|---|---|---|---|
| A-01 | Every agent, model, prompt, tool, owner, version, intended use, limit, and dependency is registered before use. | High | Registry, approvals, deployment reconciliation | Reconcile runtime inventory to approved registry. |
| A-02 | Tool use is least-privileged, allow-listed, policy-checked, scoped per task, and denied by default. | Critical · Gate | Tool policy, IAM, authorization logs, negative tests | Attempt prohibited, excessive, and cross-tenant tool calls. |
| A-03 | Consequential actions require risk-based human approval or an explicitly approved autonomous boundary. | Critical · Gate | Decision matrix, approval logs, autonomy authorization | Execute threshold boundary cases and verify routing/approval. |
| A-04 | Emergency stop, timeout, rollback/compensation, safe state, and human escalation operate end to end. | Critical · Gate | Runbooks, drills, rollback records, escalation SLAs | Trigger kill switch and failed tool; verify containment and recovery. |
| A-05 | Pre-release and ongoing evaluations cover quality, security, prompt injection, excessive agency, drift, cost, and harmful outcomes. | High | Eval suite/results, red-team findings, release gate | Rerun representative/adversarial tests and reconcile decision. |
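The A-02 certification test ("attempt prohibited, excessive, and cross-tenant tool calls") against a deny-by-default tool gate. This is an added example, not catalog text and not any agent framework's API: the registry, tool names, tenants, per-task budget and the argument policy on send_email are constructed. Each call is checked against the registry (A-01), the task's own allow-list, the task's tenant, a per-tool argument policy and a call budget, in that order, and every decision is written to an authorization log so the negative tests leave evidence.

```python
# Added example (not part of the catalog): a deny-by-default tool gate for an
# agent runtime covering the A-02 properties, plus the negative tests its
# certification row calls for. Registry, tool names, tenants, budget and the
# argument policy are constructed; nothing here is a real product's API.
from dataclasses import dataclass, field

def internal_recipients_only(args):
    """Per-tool argument policy (assumed): send_email may only target example.com."""
    bad = [r for r in args.get("to", []) if not r.endswith("@example.com")]
    return None if not bad else "external recipient(s): " + ", ".join(bad)

# Registered tools (A-01). A tool absent from here can never be called.
REGISTRY = {
    "search_docs": {"arg_policy": None},
    "send_email": {"arg_policy": internal_recipients_only},
    "delete_records": {"arg_policy": None},
}

@dataclass(frozen=True)
class TaskScope:
    task_id: str
    tenant: str
    allowed_tools: frozenset      # allow-list granted for this task only
    max_calls: int                # per-task budget against excessive agency

@dataclass
class ToolGate:
    registry: dict
    calls_used: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)      # every decision, allowed or denied

    def authorize(self, scope, tool, target_tenant, args):
        allowed, reason = self._decide(scope, tool, target_tenant, args)
        self.audit.append({"task": scope.task_id, "tool": tool,
                           "allowed": allowed, "reason": reason})
        return allowed, reason

    def _decide(self, scope, tool, target_tenant, args):
        entry = self.registry.get(tool)
        if entry is None:
            return False, "unregistered tool"
        if tool not in scope.allowed_tools:
            return False, "not on task allow-list"
        if target_tenant != scope.tenant:
            return False, "cross-tenant target"
        if entry["arg_policy"] is not None:
            problem = entry["arg_policy"](args)
            if problem:
                return False, "argument policy: " + problem
        used = self.calls_used.get(scope.task_id, 0)
        if used >= scope.max_calls:
            return False, "call budget exhausted"
        self.calls_used[scope.task_id] = used + 1
        return True, "allowed"

def certification_run():
    """Run the A-02 negative tests (constructed calls) and summarise the log."""
    gate = ToolGate(REGISTRY)
    scope = TaskScope("task-7", "tenant-a", frozenset({"search_docs", "send_email"}), max_calls=3)
    attempts = [
        ("search_docs", "tenant-a", {"query": "refund policy"}),       # in scope
        ("delete_records", "tenant-a", {"table": "orders"}),           # prohibited for this task
        ("shell", "tenant-a", {"cmd": "id"}),                          # never registered
        ("search_docs", "tenant-b", {"query": "refund policy"}),       # cross-tenant
        ("send_email", "tenant-a", {"to": ["ops@example.com"]}),       # in scope
        ("send_email", "tenant-a", {"to": ["x@evil.example"]}),        # fails argument policy
        ("search_docs", "tenant-a", {"query": "again"}),               # third and last allowed call
        ("search_docs", "tenant-a", {"query": "once more"}),           # excessive: budget exhausted
    ]
    decisions = [gate.authorize(scope, *a) for a in attempts]
    return {
        "reasons": [reason for _, reason in decisions],
        "allowed_count": sum(1 for ok, _ in decisions if ok),
        "denials_logged": sum(1 for e in gate.audit if not e["allowed"]),
    }
```

The ordering matters for the evidence: registration is checked before the allow-list so that an unregistered tool is denied for that reason and the gap shows up as an A-01 finding rather than being hidden behind a task-scope denial. The budget is consumed only by allowed calls, so a flood of denied attempts cannot starve a legitimate task.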
Trust & Governance
Accountability, assurance, security, recourse, and resilience.
| ID | Control requirement | Criticality | Minimum evidence | Certification test |
|---|---|---|---|---|
| T-01 | Named business and technical owners accept purpose, risk tier, decision rights, autonomy, and residual risk. | Critical · Gate | RACI, charter, risk acceptance, governance minutes | Interview owners; reconcile authority to signed records. |
| T-02 | Security, privacy, safety, human-rights, legal, and supplier impact assessments precede deployment and material change. | Critical · Gate | Assessments, threat model, legal/supplier reviews | Trace identified harms to controls, tests, and accepted residuals. |
| T-03 | Tamper-evident, append-only logs reconstruct identity, inputs, context, policy, reasoning record, approval, action, and outcome. | Critical · Gate | Audit schema, retention/integrity controls, trace samples | Reconstruct selected consequential actions independently. |
| T-04 | Affected users receive appropriate notice, explanation, human review, correction, and recourse within defined SLAs. | High | Notices, explanation samples, appeal records, SLA dashboard | Submit a challenge and trace it through closure. |
| T-05 | AI incidents are detected, contained, reported, learned from, and tested with business continuity and recovery. | Critical · Gate | Plan, drills, incidents, after-action improvements | Run a severe scenario and verify notification, stop, and recovery. |
| T-06 | Exceptions are approved by authorized risk owners, narrowly scoped, compensated, monitored, and automatically expire. | High | Exception register, approvals, expiry alerts, closure evidence | Sample open/closed exceptions and test expired access/control. |
Assessment rule
Score design and operating effectiveness separately: the scale below distinguishes a control that exists on paper from one proven in operation.
| Score | Level | Meaning |
|---|---|---|
| 0 | Absent | No credible design, or the requirement is contradicted in practice. |
| 1 | Designed | Approved design exists, but operation is unproven or too recent. |
| 2 | Partial | Operating evidence exists but has gaps, exceptions, limited coverage, or inconsistent results. |
| 3 | Effective | Designed appropriately and operating consistently for the assessment period with reproducible evidence. |
Weights: Critical = 3, High = 2, Standard = 1. Each row contributes weight × score against a maximum of weight × 3. Pass requires at least 85% of the weighted maximum, both overall and within each layer that contains Critical rows (every layer in this catalog), and every row marked Gate must score 3 regardless of the percentages. See the full decision workflow and assessment record template.
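The assessment rule as a reproducible scorer, so two assessors working from the same record arrive at the same pass/fail decision. This is an added example, not part of the instrument: it reads "per critical layer" as a threshold applied to every layer of the catalog (each contains Critical rows), and the sample scores are constructed. The sample deliberately clears 85% overall and in both layers yet still fails, because a Gate row (A-03) scored 2.

```python
# Added example (not part of the catalog): a scorer implementing the assessment
# rule above. Assumptions: "per critical layer" means every layer is held to the
# 85% threshold, and the sample scores are constructed for illustration.
WEIGHTS = {"Critical": 3, "High": 2, "Standard": 1}
MAX_SCORE = 3            # 3 = Effective on the 0..3 scale
PASS_THRESHOLD = 0.85

def score_assessment(rows):
    """rows: [{id, layer, criticality, gate, score}] with score in 0..3.
    Returns weighted percentages plus every reason the assessment fails."""
    layers = {}                  # layer -> [earned, maximum]
    gate_failures = []
    for r in rows:
        if not 0 <= r["score"] <= MAX_SCORE:
            raise ValueError(f"{r['id']}: score must be 0..{MAX_SCORE}")
        w = WEIGHTS[r["criticality"]]
        earned, maximum = layers.get(r["layer"], (0, 0))
        layers[r["layer"]] = (earned + w * r["score"], maximum + w * MAX_SCORE)
        if r["gate"] and r["score"] < MAX_SCORE:
            gate_failures.append(r["id"])   # a Gate row below 3 fails on its own
    layer_pct = {k: e / m for k, (e, m) in layers.items()}
    total_earned = sum(e for e, _ in layers.values())
    total_max = sum(m for _, m in layers.values())
    overall = total_earned / total_max
    failing_layers = sorted(k for k, p in layer_pct.items() if p < PASS_THRESHOLD)
    return {
        "overall": overall,
        "layers": layer_pct,
        "failing_layers": failing_layers,
        "gate_failures": gate_failures,
        "passed": overall >= PASS_THRESHOLD and not failing_layers and not gate_failures,
    }

def sample_run():
    """Two catalog layers with constructed scores: V-04 at 2 and Gate row A-03 at 2."""
    rows = [
        {"id": "V-01", "layer": "V", "criticality": "Critical", "gate": True,  "score": 3},
        {"id": "V-02", "layer": "V", "criticality": "Critical", "gate": True,  "score": 3},
        {"id": "V-03", "layer": "V", "criticality": "High",     "gate": False, "score": 3},
        {"id": "V-04", "layer": "V", "criticality": "High",     "gate": False, "score": 2},
        {"id": "A-01", "layer": "A", "criticality": "High",     "gate": False, "score": 3},
        {"id": "A-02", "layer": "A", "criticality": "Critical", "gate": True,  "score": 3},
        {"id": "A-03", "layer": "A", "criticality": "Critical", "gate": True,  "score": 2},
        {"id": "A-04", "layer": "A", "criticality": "Critical", "gate": True,  "score": 3},
        {"id": "A-05", "layer": "A", "criticality": "High",     "gate": False, "score": 3},
    ]
    return score_assessment(rows)
```

For the sample, layer V scores 28/30 (93.3%), layer A 36/39 (92.3%) and the total 64/69 (92.8%), so every percentage threshold is met; the result is still a fail with gate_failures == ["A-03"]. That is the behaviour the rule intends: a strong percentage cannot compensate for an unproven gate control.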