Telemetry schema

• When, who (pseudonymised), input type, output type, scores/confidence, model/dataset version, policy/guardrail version.
• Oversight actions (approve/reject/override), escalations, errors, throttles, downgrade events.

Privacy & minimisation

• Redact/aggregate; store proofs not raw contents when possible; tokenised references to sensitive items.

Traceability & linkage

• Join keys across approvals, deployments, incidents, CAPA and PMM dashboards.
• Retain model/data lineage IDs to reconstruct “as-decided” context.

Security & integrity

• Immutable storage/WORM for critical trails; signing; integrity checks; least-privilege access; tamper alerts.

Observability & dashboards

• Golden signals + safety/fairness metrics; drill-downs per cohort; SLO burn-rates; paging integrations.

Retention & access

• Tiered retention; anonymised analytics after raw expiry; audited access paths; export for regulator/audit.

Incidents & evidence bundles

• Bundle prompts/inputs/outputs with versions and decisions; attach screenshots, user comms, and CAPA tickets.

Sampling & cost control

• Smart sampling per cohort/severity; keep full fidelity for safety-critical events.

Third-party logging

• Contracts specify fields, latency, integrity, retention, and incident access; periodic evidence of compliance.

Legal holds & discovery

• Legal hold workflow; segregated storage; discovery exports; chain-of-custody records.

Governance & ownership

• Named log owner; change control for schema; quarterly reviews of access/retention.

Implementation checklist

• Schema approved; privacy minimisation enforced; dashboards live; linkage to incidents/CAPA operational.

© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 05 Nov 2025 • This page is general guidance, not legal advice.