AI PROOF PACKET TEMPLATE (ENTERPRISE-READY) Purpose This packet is what you hand to a security reviewer, procurement, or a regulated customer to answer: what the system does, what data it touches, how it’s controlled, and how you respond when it fails. 1) System Overview (1 page) - Product description: what tasks the AI system performs in production. - Deployment model: SaaS / single-tenant / on-prem / customer cloud. - Primary users: roles and permission levels. - Critical actions: list actions that can change data, send messages, approve transactions, or impact users. 2) Architecture + Data Flow (diagram + bullets) - Inputs: user prompts, files, APIs, event streams. - Processing: orchestration layer, retrieval layer, tool calls. - Model providers: list (e.g., OpenAI, Anthropic, Google) and where requests are sent. - Storage: logs, embeddings/vector DB, uploaded files, caches. - Egress: where outputs go (apps, emails, tickets, CRM writeback). 3) Data Handling Policy (clear and specific) - Data classification: what types you accept (PII, PHI, financial data) and what you prohibit. - Retention: how long you store prompts, outputs, and traces; deletion workflow. - Tenant isolation: how you prevent cross-customer data exposure. - Access controls: who inside your company can access production data and under what approval. 4) Model & Prompt Change Control - Versioning: how you version model selection, system prompts, tools, and retrieval settings. - Release process: what must pass before deployment (tests/evals, approvals). - Rollback plan: how you revert quickly and what triggers a rollback. 5) Evaluation Summary (what you test, not vague claims) - Task list: 10–30 representative tasks tied to customer workflows. - Acceptance criteria: what “good” means per task (accuracy, citations, refusal behavior, action correctness). - Known failure modes: top risks (prompt injection, data leakage, unsafe actions, wrong citations). - Regression checks: how you detect quality drops after changes. 6) Logging & Auditability - What you log per request: request ID, user ID, model ID, prompt hashes, tools invoked, retrieval sources, policy checks. - How logs are protected: encryption, access control, tamper resistance. - Export process: how you produce an audit extract for a customer. 7) Incident Response Runbook (operational, not aspirational) - Severity levels: define what counts as a critical AI incident. - Triage steps: how you confirm and reproduce the issue. - Containment: disabling tools, blocking actions, model switch, feature flag off. - Customer communication: who notifies, what timeline, what artifacts you provide. - Post-incident: root cause, corrective actions, eval additions. 8) Customer Controls (what buyers can configure) - SSO/SAML availability. - Role-based access control. - Approval workflows for high-impact actions. - Data source connectors and permission enforcement. - Policy settings (content filters, action scope limits, retention choices). How to use this template - Fill it once, then treat it as a living document tied to releases. - Make every claim testable: if you say “we log X,” show an example redacted trace. - Store the packet in the same repo/process as code changes so it stays current.