Trust Ledger
Overall AI Risk: Moderate
Sample • Illustrative
Noetfield Trust Ledger — Sample Board Report (Q1 2026)
Illustrative online sample showing how a Trust Ledger can present material AI systems, changes, incidents / near misses, controls & testing, and board actions in a format designed for board review and audit traceability.
This sample contains no client data. Metrics, systems, and events are illustrative.
Quick links
For procurement intake (Invoice/PO): use the procurement lane and submit a non-confidential request.
1. Executive Summary Top-level signals and decisions for the Board
Headlines
- S-01 (Credit decision assistant) remained stable; no material deterioration in key risk metrics after last-quarter parameter adjustments.
- S-03 (Vendor risk screening) is ready for controlled production launch, subject to board approval of conditions in Section 7.
- One medium-severity near miss (I-01) was intercepted by human review; guardrails and reviewer guidance were strengthened.
Board decisions requested
- Approve deployment of S-03 into production with safeguards and monitoring thresholds.
- Confirm decommissioning of legacy classifier S-07 and retention of logs per retention standard.
Decision items are listed in Section 7 with recommended actions and deadlines.
2. AI System Inventory Snapshot Material AI systems in scope for the period
| ID | System / Use Case | Business Owner | Model / Provider | Infrastructure | Data Sensitivity | Risk Tier | Status |
|---|---|---|---|---|---|---|---|
| S-01 | Credit decision assistant — retail limits | CRO | Internal model + frontier API (guardrailed) | GPU-backed cloud | High | Tier 2 | Production |
| S-02 | Customer support triage — inbound messages | COO | Hosted LLM + internal guardrails | Cloud CPU | Medium | Tier 3 | Pilot |
| S-03 | Vendor risk screening — high-risk vendors | CRO | Composite (internal + third-party) | GPU-backed cloud | Medium | Tier 2 | Pre-production |
Scope note: In a live ledger, each system entry links to a system profile (purpose, data boundary, owners, controls, test results, evidence IDs).
3. Significant Changes This Period New, changed, and decommissioned systems
| Change Type | System ID | Description | Rationale | Governance Actions | Effective Date |
|---|---|---|---|---|---|
| New | S-03 | AI-based vendor screening for high-risk vendors. | Reduce manual review time, increase consistency, improve coverage. | AI Governance Committee review; recommended for Board approval with monitoring conditions. | 2026-01-15 |
| Parameter change | S-01 | Max auto-approved credit limit increase adjusted from +10% to +15% for low-risk customers. | Align with peer practice while staying within board-approved appetite. | Impact analysis reviewed; change endorsed subject to weekly drift and delinquency monitoring. | 2026-01-28 |
| Decommissioned | S-07 | Legacy NLP classifier in complaints routing decommissioned. | Consolidated into S-02 with stronger monitoring and vendor support. | Decommission plan approved; logs archived per retention standard (illustrative: 7 years). | 2026-02-03 |
4. Incidents, Exceptions, and Near Misses Material AI-related events during the period
| Ref | Date | System ID | Severity | Description | Root Cause | Actions Taken | Status |
|---|---|---|---|---|---|---|---|
| I-01 | 2026-01-07 | S-01 | Medium | Suggested credit-term adjustment would have breached internal affordability guidance; intercepted by human review before customer impact. | Prompt/configuration gap; missing explicit affordability constraint. | Guardrail added; prompts updated; reviewer guidance tightened; incident template added to playbook. | Closed |
Regulatory note (illustrative): No events met external notification thresholds this period under current guidance.
5. Controls & Testing Key controls, owners, cadence, and results
| Control ID | Control Description | Systems in Scope | Owner | Testing Frequency | Last Test Date | Result |
|---|---|---|---|---|---|---|
| C-01 | Human-in-the-loop review for all high-impact credit decisions. | S-01 | Risk | Each batch | 2026-02-20 | Effective — no unreviewed high-impact decisions identified. |
| C-02 | Pre-deployment configuration and prompt review for Tier 1–2 systems. | S-01, S-03 | AI Governance | Per deployment | 2026-02-05 | Minor findings — documentation tightened; remediated within the period. |
| C-03 | Quarterly performance and drift review with challenge from Risk. | S-01 | Model Risk | Quarterly | 2026-02-12 | Effective — within tolerance; no recalibration required. |
Control gap note (illustrative): Extend quarterly drift review to S-03 post go-live and formalize evidence capture requirements for C-02.
6. Provider & Infrastructure View How external providers and compute are used
Hosted / frontier services
- Total API calls: 1.8M (illustrative) • +12% vs prior quarter
- High-risk use cases: 2 (S-01, S-03)
- Incidents: 1 (see I-01)
Contracting note (illustrative): data-use, retention, and audit clauses aligned to internal standard AIG-03; access is restricted and centrally logged.
GPU-backed workloads
- GPU hours: 420 (illustrative) • +8% vs prior quarter
- New models deployed: 1 (S-03)
- Governance reviews: 3 completed pre go-live
Security posture (illustrative): restricted cloud environment with network segmentation, identity controls, and immutable logging.
Executive access & device posture (illustrative): board/exec access to AI governance artefacts is restricted to managed devices with enforced encryption and strong authentication; exceptions are time-bound and approved.
7. Board Actions & Approvals Decision items for board sign-off
| Item | Description | Request | Recommended Decision | Deadline |
|---|---|---|---|---|
| BA-01 | Approve deployment of S-03 into production with monitoring thresholds and human-review steps (see Sections 3 and 5). | Approve / Amend / Reject | Approve with conditions — quarterly review of FP/FN rates; escalation triggers if thresholds breached. | 2026-03-10 |
| BA-02 | Confirm decommissioning of S-07 and archival of logs and documentation for audit and supervisory review. | Confirm | Approve — no remaining dependency; replacement S-02 in place. | 2026-03-10 |
Implementation note (live deployment): each board action links to an evidence bundle (approvals, test results, risk sign-offs) and records an “Owner / Due / Status” trail.
8. Annex (Illustrative) What a live Trust Ledger attaches or links
- Tier 1–2 system profiles (scope, data boundary, safeguards, owners, KPIs, evidence IDs).
- Full incident/near-miss reports (root cause, corrective actions, control updates, evidence).
- Control mapping to standards and regulations (policy → control → test → evidence chain).
- Glossary for non-technical directors (terms, thresholds, materiality rules).
This online sample is intentionally concise; production deployments can be configured for your governance model, audit requirements, and board cadence.