Guardrail Framework Governance
Governance procedures for the Hardened Quantitative Guardrail Framework including approval workflows, recalibration processes, and dual-control requirements.
Version: 1.0.0 Effective Date: 2025-12-26 Owner: Risk Team Review Cycle: Quarterly
Overview
This document establishes governance procedures for the Hardened Quantitative Guardrail Framework. It defines approval workflows, recalibration processes, and dual-control requirements to ensure consistent, auditable risk management.
Recalibration Checklist
Model recalibration MUST follow this checklist to ensure parameter changes are validated, tested, and properly governed before deployment.
Prerequisites
| Requirement | Owner | Evidence |
|---|---|---|
| Minimum 90 days of production data collected | Data Engineering | Telemetry export |
| No active incidents involving guardrail system | Operations | Incident dashboard |
| Previous quarter's calibration complete | Risk Lead | Git tag exists |
Phase 1: Data Validation
- 1.1 Export holdout data from telemetry system (minimum 1,000 proposals)
- 1.2 Verify holdout data was not used in current model training
- 1.3 Confirm data distribution matches production (KL divergence < 0.5)
- 1.4 Document data period:
____-__-__ to ____-__-__ - 1.5 Calculate baseline metrics on holdout:
- False Positive Rate:
____% - False Negative Rate:
____% - Decision Accuracy:
____%
- False Positive Rate:
Sign-off: Data Engineering Lead
Date: ____-__-__
Phase 2: Parameter Optimization
- 2.1 Run calibration script on holdout data (see Implementation Plan §Phase 4)
- 2.2 Document proposed parameter changes:
| Parameter | Current Value | Proposed Value | Justification |
|---|---|---|---|
epsilon_R | |||
epsilon_P | |||
risk_trigger_factor | |||
profit_trigger_factor | |||
trigger_confidence_prob | |||
novelty_gate.N0 | |||
novelty_gate.k | |||
novelty_gate.output_threshold | |||
complexity_floor | |||
quality_min_score |
- 2.3 Back-test proposed parameters on historical data
- 2.4 Calculate performance delta:
- FPR change:
____% - FNR change:
____% - Net improvement:
____%
- FPR change:
Sign-off: ML Engineering Lead
Date: ____-__-__
Phase 3: Shadow Testing (Phase 1 Tests)
- 3.1 Deploy proposed parameters to shadow environment
- 3.2 Run parallel scoring for minimum 7 days
- 3.3 Compare shadow vs production decisions:
- Agreement rate:
____% - Divergence cases reviewed:
___/___
- Agreement rate:
- 3.4 Document any edge cases where new parameters perform worse
- 3.5 Confirm no regression in guardrail catch rate
Sign-off: QA Lead
Date: ____-__-__
Phase 4: Red-Team Validation (Phase 2 Tests)
- 4.1 Run Monte Carlo fuzzing suite (minimum 10,000 synthetic proposals)
- 4.2 Execute boundary condition tests:
- Near-threshold proposals (±5% of trigger)
- Zero-baseline edge cases
- Maximum complexity proposals
- Novelty boundary (N = 0.69-0.71)
- 4.3 Verify no new exploit vectors introduced
- 4.4 Confirm adversarial resistance maintained
Sign-off: Security Engineering Lead
Date: ____-__-__
Phase 5: Dual-Control Governance Approval
CRITICAL: This phase implements dual-control governance requiring TWO independent risk approvers.
Primary Risk Approval
Risk Lead Review:
- 5.1 Reviewed all phase sign-offs above
- 5.2 Verified holdout data independence
- 5.3 Confirmed no degradation in protection
- 5.4 Assessed business impact of parameter changes
- 5.5 Approved proposed parameters
| Approver | Role | Signature | Date |
|---|---|---|---|
| Risk Lead |
Secondary Risk Approval (Dual-Control)
Second Risk Approver Review:
The second approver MUST be independent from the primary approver and MUST NOT have participated in the calibration process.
- 5.6 Independently reviewed calibration methodology
- 5.7 Verified dual-control separation of duties
- 5.8 Confirmed no conflicts of interest
- 5.9 Validated test coverage sufficiency
- 5.10 Approved proposed parameters
| Approver | Role | Signature | Date |
|---|---|---|---|
| Second Risk Approver |
Dual-Control Verification:
- Both approvers are from the Risk team or equivalent authority
- Approvers have no reporting relationship to each other
- Minimum 24-hour separation between approvals (cooling-off period)
Phase 6: Deployment
- 6.1 Create new parameter file:
guardrail_params_v_._.json - 6.2 Open Pull Request with:
- Parameter file changes
- Updated Interface Contract (if schema changes)
- This completed checklist as PR description
- 6.3 PR approved by CODEOWNERS
- 6.4 Merge to main branch
- 6.5 Create Git tag:
guardrail-v_._-freezegit tag -a guardrail-v1.2-freeze -m "Freeze guardrail params at v1.2 (Q_ 202_)" git push origin guardrail-v1.2-freeze - 6.6 Verify production deployment of new parameters
- 6.7 Confirm telemetry logging new
param_snapshot_id
Sign-off: DevOps Lead
Date: ____-__-__
Phase 7: Stakeholder Communication
- 7.1 Notify stakeholders of parameter update:
- Risk Committee
- Engineering Leadership
- Operations Team
- Compliance (if applicable)
- 7.2 Send communication including:
- Summary of changes
- Effective date
- Expected impact
- Rollback procedure reference
- 7.3 Update internal documentation
- 7.4 Schedule next quarterly calibration review
Communication Template:
Subject: Guardrail Parameters Updated to v_._ (Q_ 202_)
Team,
The guardrail framework parameters have been recalibrated and deployed.
Key Changes:
- [List parameter changes]
Effective: [Date]
Git Tag: guardrail-v_._-freeze
Performance Impact:
- False Positive Rate: [X%] → [Y%]
- False Negative Rate: [X%] → [Y%]
Rollback: If issues arise, revert to guardrail-v_._-freeze per IRP.
Questions? Contact Risk Team.Sign-off: Communications Lead
Date: ____-__-__
Governance Roles
| Role | Responsibility | Authority |
|---|---|---|
| Risk Lead | Primary recalibration approval | APPROVE/REJECT parameters |
| Second Risk Approver | Dual-control validation | APPROVE/REJECT (independent) |
| ML Engineering Lead | Calibration execution | RECOMMEND parameters |
| Data Engineering Lead | Data validation | CERTIFY data quality |
| QA Lead | Shadow testing | CERTIFY test results |
| Security Engineering Lead | Red-team validation | CERTIFY security |
| DevOps Lead | Deployment execution | EXECUTE deployment |
Escalation Path
If any phase fails or concerns arise:
- Phase 1-4 Failure: Return to beginning of failed phase after remediation
- Phase 5 Rejection: Escalate to Risk Committee with documented concerns
- Phase 6-7 Issues: Invoke rollback procedure per Incident Response Plan
Audit Trail Requirements
All recalibration events MUST be logged:
| Field | Description |
|---|---|
recalibration_id | Unique identifier (UUID) |
initiated_date | ISO-8601 start date |
completed_date | ISO-8601 completion date |
previous_version | e.g., guardrail-v1.1-freeze |
new_version | e.g., guardrail-v1.2-freeze |
primary_approver | Risk Lead identifier |
secondary_approver | Second Risk Approver identifier |
data_period_start | Holdout data start date |
data_period_end | Holdout data end date |
pr_number | GitHub PR number |
commit_sha | Merge commit SHA |
References
- Specification v1.1.1 - Core metric definitions
- Implementation Plan Phase 4 - Continuous Calibration
- Interface Contract - Parameter schema
- RFC 2119 - Requirement level keywords
Changelog
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0.0 | 2025-12-26 | Claude Code | Initial creation (GAP Issue #4) |
AI Governance
AEGIS AI governance controls aligned with international standards and frameworks including NIST AI RMF, EU AI Act, ISO 42001, SOC 2, and FedRAMP High.
AEGIS Advisor
Interactive governance decision helper — answer plain-language questions and get an AEGIS decision without writing JSON or choosing parameter values.