Governance Surface
Trust & Governance
Real-time governance posture for this tenant. Every metric is live-fetched — no cached or mock data.
LIVE
v—
Trust Surface Active
Version Locked
Tenant Isolation Active
Replay Enabled
Audit —
System Status
—
—
—
Audit Coverage Indicator
Loading coverage…
RBAC Enforced · Tenant Isolation Active · Deterministic Replay Enabled
At a Glance
—
Cases Approved
of total cases
—
Audit Coverage
Every decision logged
—
Awaiting Review
Require human sign-off
—
Total Cases
All time
Decision Overview
Key Rates
LiveAuto-Approval Rate—
Decisions without human review
Audit Coverage—
Decisions with full audit trail
Flag Rate—
Cases flagged for escalation
Failure Rate—
Cases that could not be processed
Governance Control Status
LiveAudit Logging
Active
Every action recorded in real time
Decision Governance Engine
Running
Deterministic governance runtime operational status
Replay Tracking
Enabled
Any decision can be replayed exactly
Drift Monitoring
Watching
Detects unexpected model changes
Policy Enforcement
Enforced
Rules applied to every case
Security Posture
Cloud & Access Security
● SECURE
Source: /dashboard/system/security-status
Case Governance Lookup
Single-Case Replay Search
Enter an Artifact ID or Case ID to retrieve and replay governance decision
Recent Decisions (Audit Preview)
Governance Audit Log
SOC2 CC7.x · GDPR Art. 30 · Tenant-scoped · No raw sensitive data exposed
Replay and Governance Detail
Replay Coverage and Decision Trace
LIVE EVIDENCE
Schema and Data Lineage
LIVE EVIDENCE
Replay Integrity and Outcome
LIVE EVIDENCE
Replay Evidence Snapshot
BACKEND REPLAY PAYLOAD
Replay Evidence Snapshot shows backend replay fields only. If a field is missing here, it was not returned by the backend replay payload for the selected artifact. Governance evidence categories not yet emitted by the backend replay contract are listed separately under “Pilot Contract Gaps” below.
Pilot Contract Gaps
Not Implemented in Current Pilot Contract
PLANNED CONTROLS
The governance evidence categories below are part of the TraceLogic compliance roadmap but are not yet emitted by the backend replay contract for any artifact. They are listed here so the Live Evidence panels above remain an honest evidence surface. When the backend begins returning these fields, they will move into the Live Evidence panels and disappear from this one.
Need technical or compliance detail?
System status, version logs, data policy, full governance controls, extended audit report with risk flags.
Compliance Alignment
Regulatory Compliance Mapping
Phase 1
EU AI Act
High-risk AI system controls
Risk classification — confidence threshold gating enforced ✓ ACTIVE
Transparency — AI disclosure banner on all operator pages ✓ ACTIVE
Human oversight — separation of duties enforced (operator ≠ approver) ✓ ACTIVE
Audit trail — every decision logged with artifact_id + replay capability ✓ ACTIVE
Technical documentation — AI Technical File required ✓ ACTIVE
GDPR
Art. 5, 13, 25, 30
Data minimisation — no raw sensitive values exposed in UI ✓ ACTIVE
Processing records — GDPR Art. 30 log maintained in documents table ✓ ACTIVE
Tenant isolation — all data scoped by tenant_id via JWT ✓ ACTIVE
Right to explanation — deterministic replay + rule trace available ✓ ACTIVE
Data lineage — extraction method + source tracked per document ✓ ACTIVE
ISO 42001
AI Management System
Governance controls — audit logging, replay, drift monitoring active ✓ ACTIVE
Risk management — confidence-based gating + hard stop enforcement ✓ ACTIVE
Policy versioning — all artifacts carry policy_version for determinism ✓ ACTIVE
Controlled execution — single-use token + attestation + TTL enforced ✓ ACTIVE
Risk register — formal documentation required ✓ ACTIVE