Governance
Decision rights, accountability, policies, oversight, escalation, and monitoring that direct how the system is designed and used.
T · Trust & Governance deep dive
Make autonomy accountable and contestable
Govern purpose, authority, risk, security, privacy, safety, suppliers, evidence, incidents, exceptions, and recourse across every layer.
Core concepts
Trust is an evidence-backed relationship
Risk
The effect of uncertainty on objectives, described as a cause–event–impact scenario for people, business, society, assets, or obligations.
Control
A policy, process, technical measure, or human action designed to modify risk; it needs an owner, test, evidence, and failure response.
Assurance
Independent confidence that claims and controls are appropriately designed and operating, based on sufficient relevant evidence.
Transparency
Appropriate notice about purpose, data, automation, limitations, responsible owner, and how to seek review—not disclosure of sensitive internals.
Explainability
Information sufficient for the audience to understand material factors, evidence, policy, uncertainty, and alternatives behind an outcome.
Recourse
A usable route for affected people to challenge, correct, appeal, obtain human review, and receive timely resolution.
Exception
A narrowly scoped, authorized, time-bound departure with risk analysis, compensation, monitoring, remediation, and automatic expiry.
Operating model
Three lines with clear decision rights
1
Own and operate
Business and technical owners define purpose, outcomes, controls, operate the system, monitor results, and remediate failures.
2
Challenge and govern
Risk, security, privacy, legal, safety, architecture, and responsible-AI functions set policy and independently challenge design and operation.
3
Assure
Internal audit or qualified independent assessors sample evidence, rerun tests, report findings, and support an impartial certification decision.
| Decision | Accountable authority | Minimum evidence |
|---|---|---|
| Approve intended use and autonomy | Business risk owner with technical/accountability sign-off | Impact assessment, risk tier, boundaries, controls, residual acceptance |
| Release/material change | Release authority and architecture/AI governance | Evaluations, gate results, threat/privacy/safety reviews, rollback readiness |
| Control exception | Authorized risk owner independent of implementer | Justification, scope, risk, compensation, monitoring, expiry, remediation |
| Incident stop/restart | Named incident commander and business owner | Severity, containment, evidence preservation, recovery criteria, approval |
| Certification | Certification authority independent of delivery | Scope, score, mandatory gates, findings, exceptions, residual risk, opinion |
Technology map
Governance is a control system, not one product
| Need | Open / specialized | Databricks | Snowflake | Microsoft Fabric / Azure |
|---|---|---|---|---|
| Identity/access | OIDC/OAuth, Keycloak, OPA/Cedar, Vault, cloud IAM | Unity Catalog, account/workspace IAM, service principals, secrets | RBAC, network policies, masking/row access policies, secrets integrations | Entra ID, Fabric roles/item permissions, managed identities, Key Vault |
| Data/AI governance | Collibra, Alation, OpenMetadata, DataHub; model registries | Unity Catalog, model registry, system tables, Unity AI Gateway | Horizon Catalog, classification, tags, policies, model/agent metadata | OneLake Catalog/Purview integration, Purview, Foundry governance |
| Policy enforcement | Open Policy Agent, Cedar, API gateways, service mesh | Catalog/IAM policies plus gateway or external business policy engine | Row/masking/network policies plus gateway or external business policy | Azure Policy, API Management policies, Entra Conditional Access, Purview controls |
| Security/observability | OpenTelemetry, SIEM/SOAR, EDR/CNAPP, immutable logs | Audit/system tables, Lakehouse monitoring, cloud SIEM integration | Access/query history, alerts, event tables, security monitoring | Azure Monitor, Application Insights, Defender, Sentinel, Fabric monitoring |
| AI safety/evaluation | OWASP guidance, promptfoo/Giskard/Garak, custom red-team suites | MLflow evaluation/tracing, AI Gateway monitoring/guardrails | Cortex evaluation/guardrails and telemetry capabilities | Azure AI Content Safety, Foundry evaluations/red teaming, Responsible AI tooling |
| GRC/evidence | ServiceNow/Archer/OneTrust or equivalent GRC, ticketing, evidence store | Export catalog, audit, test, incident, and model evidence to GRC | Export governance, access, quality, query, agent, and incident evidence | Purview/Defender/Sentinel/DevOps evidence integrated with enterprise GRC |
Control allocation: native platform controls cover only their boundary. Document inherited cloud/provider controls, customer-configured controls, external workflow/policy controls, and manual governance—then test the full chain.
Implementation
How to achieve the T layer
Mandate
Establish policy, governance bodies, accountable owners, risk appetite, prohibited uses, escalation, funding, and independent assurance.
Classify
Inventory systems and assign impact/risk tiers based on decisions, autonomy, affected populations, data, scale, reversibility, and law.
Assess
Perform business, security, privacy, safety, human-rights, misuse, supplier, resilience, and regulatory assessments.
Control
Map risks/obligations to preventive, detective, corrective, and governance controls with owners, tests, evidence, and metrics.
Gate
Require architecture, data, model/agent, security, legal, operational readiness, stop/recovery, and certification gates before release.
Sustain
Monitor outcomes, drift, incidents, recourse, exceptions, suppliers, regulations, and material change; reassess at least annually.
Evidence
- Charter, RACI, policy, risk tier and approved system boundary
- Impact/threat/privacy/safety/supplier assessments and risk register
- Control matrix, test records, immutable-enough audit samples
- Training, access reviews, incidents, recourse, exceptions, dashboards, minutes
Acceptance
- Every material risk has an owner, treatment, control, test, residual decision.
- Affected users can obtain notice, correction, review, and recourse.
- A severe incident can be detected, stopped, reconstructed, reported, and recovered.
- Independent assessors can reproduce the certification conclusion.