Performance, Robustness & Cybersecurity — Lifecycle Operations

Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 • www.zenaigovernance.com

Key takeaways
  • Agree acceptance criteria per cohort and context, not just on global averages; declare trade-offs and residual risks.
  • Robustness mixes testing (adversarial/red-team) with design (guardrails, filters, isolation, rate-limits).
  • Security is supply-chain + runtime + operations; keep attestations and SBOMs in the evidence pack.

Targets & acceptance

  • Define accuracy/utility targets, fairness thresholds, safety limits and latency/availability SLOs.
  • Acceptance gates with owner sign-off; publish tolerances and monitoring strategy.

Cohorts & contexts

  • Slice performance by protected attributes (where lawful), environment, channel and language.
  • Stress contexts: noisy inputs, domain shift, long-tail prompts, time-pressure, partial failures.
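Worked example (added here; not code from the original page or from Zen AI Governance): an acceptance gate evaluated per cohort rather than on the pooled average, with a minimum-sample rule so that a slice too small to judge is reported as undecidable instead of passing by default. The records, cohort labels and thresholds are constructed for illustration; the scenario is built so the global figure clears the bar while one cohort does not.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed evaluation records: (cohort, ground truth, prediction).
# Built so that the global average clears an 85 % bar while one cohort
# does not, and a third cohort is too small to judge at all.
SAMPLE_RESULTS = (
    [("en", 1, 1)] * 180 + [("en", 1, 0)] * 20   # en: 90 % accurate, n=200
    + [("de", 1, 1)] * 8 + [("de", 1, 0)] * 12    # de: 40 % accurate, n=20
    + [("fr", 1, 1)] * 10                          # fr: 100 % but only n=10
)


@dataclass(frozen=True)
class CohortResult:
    cohort: str
    n: int
    accuracy: float
    status: str  # "pass", "fail" or "insufficient"


def accuracy(rows):
    return sum(1 for _, truth, pred in rows if truth == pred) / len(rows)


def gate(results, threshold=0.85, min_n=20):
    """Acceptance gate evaluated per cohort, never on the pooled average.

    Every cohort must individually reach `threshold`. Cohorts with fewer than
    `min_n` records are reported as "insufficient" and also block release: a
    tiny slice cannot support a pass/fail decision, so the remedy is more
    evaluation data, not a waiver. Returns (global accuracy, report, release_ok).
    """
    by_cohort = defaultdict(list)
    for row in results:
        by_cohort[row[0]].append(row)

    report = []
    for cohort, rows in sorted(by_cohort.items()):
        acc = accuracy(rows)
        if len(rows) < min_n:
            status = "insufficient"
        elif acc >= threshold:
            status = "pass"
        else:
            status = "fail"
        report.append(CohortResult(cohort, len(rows), acc, status))

    release_ok = all(r.status == "pass" for r in report)
    return accuracy(results), report, release_ok


if __name__ == "__main__":
    overall, report, ok = gate(SAMPLE_RESULTS)
    print(f"global accuracy {overall:.3f} (would pass a naive 0.85 gate)")
    for r in report:
        print(f"  {r.cohort}: n={r.n} acc={r.accuracy:.2f} -> {r.status}")
    print("release:", "OK" if ok else "BLOCKED")
```

The global accuracy here is about 0.86, so a gate on the average alone would sign the release off; the per-cohort report shows "de" failing and "fr" undecidable, which is exactly the information the acceptance record and the monitoring plan need.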

Robustness & adversarial testing

  • Adversarial examples; perturbations; conflicting instructions; model inversion/extraction tests.
  • Safety test suites: disallowed content, self-harm, medical/legal claims, financial advice.

LLM/Jailbreak protection

  • Prompt hygiene; system/policy prompts; refusal rules; tool-use restrictions; content classification pre/post-generation.
  • Guardrails for personally identifiable/sensitive content; grounding and citation checks for RAG.

Hardening patterns

  • Input validation; safelist/denylist; output sanitisation; deterministic fallbacks for critical flows.
  • Network isolation; egress control; key management; policy-gated CI/CD; canary releases.
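Worked example (added here; not code from the original page or from Zen AI Governance) covering the tool-use restriction bullet above and the safelist, egress-control and deterministic-fallback bullets: a policy gate for model-proposed tool calls that enforces a per-channel tool safelist, an egress host safelist and argument checks, and fails closed so the application can fall back to a fixed response on anything it cannot evaluate. The channel names, tool names, hosts and policy table are assumptions for this example.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Hypothetical per-channel tool policy (names are assumptions for this example):
# which tools a channel may call and what their arguments may contain.
POLICY = {
    "public_chat": {
        "search_docs": {"max_query_len": 200},
        "fetch_url": {"allowed_hosts": {"docs.example.com", "status.example.com"}},
    },
    "internal_agent": {
        "search_docs": {"max_query_len": 500},
        "fetch_url": {"allowed_hosts": {"docs.example.com", "wiki.example.internal"}},
        "run_sql": {"read_only": True},
    },
}


class ToolPolicyError(Exception):
    pass


def _check_fetch_url(args, rule):
    url = urlsplit(args.get("url", ""))
    if url.scheme != "https":
        raise ToolPolicyError("only https egress is allowed")
    host = url.hostname or ""      # userinfo tricks ("a.com@evil.com") resolve to the real host
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    if is_ip:                      # denies link-local metadata and internal ranges outright
        raise ToolPolicyError("raw IP egress is denied")
    if host not in rule["allowed_hosts"]:
        raise ToolPolicyError(f"host {host!r} not in egress safelist")


def _check_search_docs(args, rule):
    query = args.get("query")
    if not isinstance(query, str) or not query or len(query) > rule["max_query_len"]:
        raise ToolPolicyError("query missing or too long")


def _check_run_sql(args, rule):
    sql = str(args.get("sql", "")).strip().lower()
    if rule["read_only"] and not sql.startswith("select "):
        raise ToolPolicyError("only SELECT statements are permitted")
    if ";" in sql:
        raise ToolPolicyError("statement batching is denied")


CHECKS = {"fetch_url": _check_fetch_url, "search_docs": _check_search_docs, "run_sql": _check_run_sql}


def gate_tool_call(channel, raw_call):
    """Validate a model-proposed tool call (JSON text) against the channel policy.

    Returns (allowed, tool, args, reason). Fails closed: an unknown channel or
    tool, malformed JSON or an argument of the wrong type is refused rather
    than passed through, and the caller takes its deterministic fallback path.
    """
    try:
        call = json.loads(raw_call)
        tool, args = call["tool"], call.get("args", {})
        if not isinstance(args, dict):
            raise ToolPolicyError("args must be an object")
        rule = POLICY[channel][tool]   # KeyError for an unknown channel or tool
        CHECKS[tool](args, rule)
        return True, tool, args, "ok"
    except ToolPolicyError as exc:
        return False, None, None, str(exc)
    except (KeyError, TypeError, ValueError) as exc:
        return False, None, None, f"refused: {type(exc).__name__}"
```

The gate sits between the model and the tool runtime, not inside the prompt: refusal rules in the system prompt are advisory, whereas this check runs on every call regardless of what the model was talked into. The reason string is what belongs in the jailbreak log.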

Observability & SLOs

  • Golden signals (latency, traffic, errors, saturation) plus cost, queue depth and model-quality signals.
  • On-call paging driven by SLO burn-rate alerts; automated triage and playbooks.
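Worked example (added here; not code from the original page or from Zen AI Governance): multi-window, multi-burn-rate SLO alerting as described in the Google SRE workbook, using its standard thresholds for a 30-day window. The SLO value and the window counts are constructed for illustration.

```python
SLO = 0.999                 # 99.9 % successful requests over a 30-day window
ERROR_BUDGET = 1 - SLO
SLO_WINDOW_DAYS = 30

# Multi-window, multi-burn-rate rules from the Google SRE workbook:
# (long window, short window, burn-rate threshold, severity).
RULES = [
    ("1h", "5m", 14.4, "page"),
    ("6h", "30m", 6.0, "page"),
    ("1d", "2h", 3.0, "ticket"),
    ("3d", "6h", 1.0, "ticket"),
]

# Constructed window counts (errors, total requests) 45 minutes into an
# incident: a release is failing about 3 % of ~1000 req/min on a service
# that was otherwise healthy.
SAMPLE_WINDOWS = {
    "5m": (150, 5_000),
    "30m": (900, 30_000),
    "1h": (1_350, 60_000),
    "2h": (1_350, 120_000),
    "6h": (1_350, 360_000),
    "1d": (1_500, 1_440_000),
    "3d": (2_000, 4_320_000),
}


def burn_rate(errors, total):
    """Observed error ratio divided by the error budget. 1.0 consumes the
    budget exactly at the end of the SLO window; 14.4 burns a 30-day budget
    in about two days."""
    if total == 0:
        return 0.0
    return (errors / total) / ERROR_BUDGET


def time_to_exhaustion_days(rate):
    return float("inf") if rate == 0 else SLO_WINDOW_DAYS / rate


def evaluate(windows, rules=RULES):
    """A rule fires only when BOTH its long and short window exceed the
    threshold: the long window stops a brief blip from paging, the short
    window lets the alert clear quickly once a fix or rollback lands."""
    fired = []
    for long_w, short_w, threshold, severity in rules:
        long_br = burn_rate(*windows[long_w])
        short_br = burn_rate(*windows[short_w])
        if long_br >= threshold and short_br >= threshold:
            fired.append((severity, long_w, short_w, round(long_br, 2)))
    return fired


if __name__ == "__main__":
    for severity, long_w, short_w, rate in evaluate(SAMPLE_WINDOWS):
        print(f"{severity}: burn rate {rate}x over {long_w}/{short_w}, "
              f"budget gone in {time_to_exhaustion_days(rate):.1f} days")
```

With these counts only the 1h/5m page fires: the 2h window is also well over its threshold, but its paired 1d window is not, which is the designed behaviour (a 45-minute incident has not yet consumed enough of the day's budget to justify a second, slower alert).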

Supply-chain & attestations

  • SBOM; model provenance; license checks; vendor attestations (evaluation scope, safety, security).
  • Third-party risk assessments; contract clauses for incident support and notifications.
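Worked example (added here; not code from the original page or from Zen AI Governance): a release gate that checks a CycloneDX-style SBOM fragment against a licence allowlist and verifies a model artefact's digest against its attested provenance. The SBOM (package names other than numpy), the model bytes and the allowlist are constructed for illustration; in practice the attested digest would be read from the vendor's signed provenance record rather than computed locally.

```python
import hashlib
import hmac
import json

# Constructed CycloneDX-style SBOM fragment; "somelib" and "mystery-pkg" are invented.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "numpy", "version": "1.26.4",
     "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    {"type": "library", "name": "somelib", "version": "0.9.0",
     "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
    {"type": "library", "name": "mystery-pkg", "version": "2.0.0"}
  ]
}"""

LICENSE_ALLOWLIST = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"}

# Constructed model artefact. The digest stands in for the value a vendor's
# signed provenance record would carry; it is computed here only so the
# example runs offline.
MODEL_BYTES = b"\x00\x01toy-model-weights\x02\x03"
ATTESTED = {"model": "toy-model", "version": "3",
            "sha256": hashlib.sha256(MODEL_BYTES).hexdigest()}


def license_findings(sbom_json, allowlist=LICENSE_ALLOWLIST):
    """Return (component, problem) pairs for licences outside the allowlist or
    components declaring none. SPDX "expression" entries are not parsed here
    and would surface as undeclared, which is the safe direction to fail."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        ref = f"{comp['name']}@{comp['version']}"
        ids = [entry.get("license", {}).get("id")
               for entry in comp.get("licenses", [])]
        ids = [i for i in ids if i]
        if not ids:
            findings.append((ref, "no licence declared"))
        for lic in ids:
            if lic not in allowlist:
                findings.append((ref, f"licence {lic} not in allowlist"))
    return findings


def model_matches_attestation(artifact, attested=ATTESTED):
    """Compare the artefact digest with the attested one (constant-time compare)."""
    digest = hashlib.sha256(artifact).hexdigest()
    return hmac.compare_digest(digest, attested["sha256"])


def release_gate(sbom_json, artifact):
    """Collect everything that would block release; an empty list means go."""
    problems = license_findings(sbom_json)
    if not model_matches_attestation(artifact):
        problems.append((ATTESTED["model"], "artefact digest does not match attestation"))
    return problems


if __name__ == "__main__":
    for ref, problem in release_gate(SBOM_JSON, MODEL_BYTES + b"tampered"):
        print(f"BLOCK {ref}: {problem}")
```

The findings list, together with the SBOM and attestation it was derived from, is the artefact to keep in the evidence pack; a waiver for a specific finding should reference that record rather than silence the check.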

Privacy & secure MLOps

  • Secrets rotation; short-lived tokens; data minimisation in traces; access logging and approvals.
  • PII scanning in prompts/outputs; redaction; consent flows; per-tenant isolation where applicable.
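Worked example (added here; not code from the original page or from Zen AI Governance): a redactor for prompts and outputs that applies a Luhn check so order numbers shaped like card numbers are left alone, plus a minimised trace record that keeps a keyed fingerprint instead of the raw prompt. The patterns cover e-mail addresses, UK mobile numbers and payment cards only; the trace key and the sample text are constructed.

```python
import hashlib
import hmac
import re

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13-19 digits with optional space/dash separators; only a Luhn-valid run is
# treated as a card number, so order IDs of similar shape are left alone.
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# UK mobile formats only (07xxx xxxxxx / +44 7xxx xxxxxx); other countries need their own patterns.
UK_MOBILE = re.compile(r"(?<!\w)(?:\+44\s?7\d{3}|\(?07\d{3}\)?)\s?\d{3}\s?\d{3}\b")

TRACE_KEY = b"example-trace-key-rotate-me"   # assumption: fetched from the secrets manager in practice


def luhn_ok(digits):
    """Luhn checksum over a string of digits (the check every card number passes)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(text):
    """Replace PII with placeholders; returns (redacted text, counts by kind)."""
    counts = {"email": 0, "card": 0, "phone": 0}

    def card_sub(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)           # same shape as a card, but not one
        counts["card"] += 1
        return "[CARD]"

    def counting(kind, placeholder):
        def sub(_m):
            counts[kind] += 1
            return placeholder
        return sub

    text = EMAIL.sub(counting("email", "[EMAIL]"), text)
    text = CARD.sub(card_sub, text)
    text = UK_MOBILE.sub(counting("phone", "[PHONE]"), text)
    return text, counts


def trace_record(prompt, output):
    """Data minimisation for traces: keep redacted text and a keyed fingerprint
    of the raw prompt (for de-duplication and correlation), not the prompt
    itself. Unlike a plain SHA-256, a keyed hash cannot be reversed by
    guessing likely prompts without the key."""
    red_prompt, p_counts = redact(prompt)
    red_output, o_counts = redact(output)
    fingerprint = hmac.new(TRACE_KEY, prompt.encode("utf-8"), "sha256").hexdigest()[:16]
    return {
        "prompt_fingerprint": fingerprint,
        "prompt": red_prompt,
        "output": red_output,
        "pii_found": {k: p_counts[k] + o_counts[k] for k in p_counts},
    }


if __name__ == "__main__":
    sample = ("Contact jane.doe@example.com or 07700 900123; "
              "card 4111 1111 1111 1111, order 1234 5678 9012 3456.")
    print(redact(sample))
```

The `pii_found` counts are worth emitting as a metric on their own: a sudden rise in redactions in model output is an early signal that a prompt is leaking retrieved or memorised data.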

Resilience & rollback

  • Downgrade modes (heuristics/manual review) for safety-critical flows; circuit-breakers.
  • Backups, disaster recovery RTO/RPO; cross-region failover; rollback buttons with validation.
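Worked example (added here; not code from the original page or from Zen AI Governance): a circuit breaker that moves a safety-critical fraud-screening flow from a failing model endpoint to a deterministic heuristic/manual-review path, and probes for recovery after a cooldown instead of hammering the endpoint. The model stand-in, thresholds and transaction data are constructed for illustration.

```python
import time


class CircuitBreaker:
    """Routes calls to `primary` until `failure_threshold` consecutive failures,
    then serves `fallback` (the deterministic downgrade path) for `reset_after`
    seconds. After that, one probe call is let through (half-open); the
    circuit closes again only if the probe succeeds."""

    def __init__(self, primary, fallback, failure_threshold=3, reset_after=30.0,
                 clock=time.monotonic):
        self.primary, self.fallback = primary, fallback
        self.failure_threshold, self.reset_after = failure_threshold, reset_after
        self.clock = clock
        self.state = "closed"
        self.failures = 0
        self.opened_at = None

    def call(self, *args):
        """Returns (result, source) where source is "model" or "fallback"."""
        now = self.clock()
        if self.state == "open":
            if now - self.opened_at < self.reset_after:
                return self.fallback(*args), "fallback"   # fast path, no model call
            self.state = "half_open"
        try:
            result = self.primary(*args)
        except Exception:
            self.failures += 1
            if self.state == "half_open" or self.failures >= self.failure_threshold:
                self.state, self.opened_at = "open", now
            return self.fallback(*args), "fallback"
        self.failures, self.state = 0, "closed"
        return result, "model"


class FlakyModel:
    """Constructed stand-in for a model endpoint that times out for its first
    `fail_first` calls and then recovers."""

    def __init__(self, fail_first):
        self.fail_first, self.calls = fail_first, 0

    def score(self, txn):
        self.calls += 1
        if self.calls <= self.fail_first:
            raise TimeoutError("model endpoint timed out")
        return "approve" if txn["amount"] < 5000 else "decline"


def heuristic_review(txn):
    """Deterministic downgrade for a safety-critical decision: a conservative
    rule that routes anything non-trivial to a human queue rather than guessing."""
    return "manual_review" if txn["amount"] >= 1000 else "approve"


def demo(fail_first=3, reset_after=30.0):
    """Drive the breaker with a fake clock; returns (result, source, state, model calls) per step."""
    clock = [0.0]
    model = FlakyModel(fail_first)
    breaker = CircuitBreaker(model.score, heuristic_review, failure_threshold=3,
                             reset_after=reset_after, clock=lambda: clock[0])
    txn = {"amount": 2500}
    trace = []
    for step in range(6):
        if step == 5:
            clock[0] = reset_after + 1     # cooldown has elapsed: probe the model
        result, source = breaker.call(txn)
        trace.append((result, source, breaker.state, model.calls))
    return trace


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two things to check in a rollback rehearsal: that the fallback really is deterministic and reviewable (here every mid-value transaction goes to a human, which costs throughput but never silently approves), and that a failed probe re-opens the circuit rather than letting traffic flood back.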

Governance & waivers

  • Risk acceptance/waiver process with expiry; senior accountability; regular review cadence.

Evidence & change control

  • Keep evaluation suites, red-team results, jailbreak logs, security tests and sign-offs in the evidence pack.
  • All changes go through tickets that carry the diff, the approvers and the rollback criteria, linked to the post-market monitoring (PMM) record.

Implementation checklist

  • Targets set per cohort/context; adversarial/robustness tests defined; guardrails live.
  • Observability and SLOs active; supply-chain attestations stored; rollback rehearsed.

© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 05 Nov 2025 • This page is general guidance, not legal advice.
