Trigger
Features with autonomous actions. High-risk domains (healthcare, finance, legal). Cross-user data. Generative content shared publicly.
Advertisement
Review inputs
Threat model. Impact assessment. Test results. Mitigations. Rollout plan.
Advertisement
Approval criteria
Documented risks understood. Mitigations sufficient. Monitoring in place. Rollback plan.
Cadence
Weekly board meeting. Emergency approval process. Post-launch review after N days.