The 7-ring AI governance self-assessment.
A 30-minute scoring exercise for AI product teams that need a ranked gap list, not another abstract control catalog.
The 7-ring AI governance self-assessment scores seven layers of an LLM product, each from 0 to 3: access, input validation, output guardrails, runtime monitoring, escalation, audit logging, and dynamic output-side governance.
Evidence caps the score.
A score of 2 means the control exists and works. A score of 3 means it exists, works, and has been tested under failure. If the team cannot name an artifact, the score is at most a 1.
Score each ring from 0 to 3.
Write one sentence of evidence for every score.
Sort the rings ascending and close the lowest two first.
Assign one 90-day action and one owner per gap.
Governance has to cover the full runtime path.
Most AI governance reviews over-index on access, policy, and audit history. LLM products also need live controls at the moment the model is deciding, acting, and producing output.
Access and permissions
Authentication, tenant isolation, RBAC, and pre-flight permission checks before the model is invoked.
Input validation
Prompt-injection defense, SQL safety gates, payload schema validation, and tenant-scoped input filtering.
Output guardrails
PII redaction, secrets filtering, output intent validation, and deterministic fallback behavior.
Runtime monitoring
Request-level traces, stage events, structured logs, correlation IDs, latency, and model-call metadata.
Escalation and alerting
Downvote capture, abuse signals, repeated-denial alerts, and a named human owner for material failures.
Audit logging
Append-only records, retention, per-message reconstruction, and durable linkage between user, tenant, decision, and evidence.
Dynamic output governance
Drift gates, cost guardrails, anomaly detection, scheduled regression checks, and merge-blocking eval thresholds.
The thinnest ring is usually dynamic output governance.
Teams often have authentication, logs, and audit tables because older software review patterns demand them. The live output side is thinner: drift gates, anomaly detection, rate limits, merge-blocking eval thresholds, and alerting from the eval harness to a human owner.
An eval harness that nobody runs is not a control.
A Slack notification that never blocks a merge is not a gate.
A denial rendered to the user but not alerted to an admin is not escalation.
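The three negatives above describe controls that appear present but never act. The following is an added example, not tooling from the page or from any named project, of an eval gate that blocks a merge on a pass-rate floor and a drift threshold and routes the block to a named human owner, so the harness result is a gate rather than a notification. The eval case results, the baseline pass rate, the thresholds and the owner name are constructed for illustration, and the result shapes are assumptions; the page names only the controls themselves.

```python
"""Merge-blocking eval gate with a drift check and a routed alert (added example)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class GateVerdict:
    pass_rate: float
    drift: float               # baseline pass rate minus current pass rate
    blocked: bool
    reasons: tuple             # why the merge is blocked; empty when it is not
    alert_owner: str | None    # named human who receives the alert, if blocked


def evaluate_gate(results, baseline_pass_rate, min_pass_rate, max_drift, owner):
    """Return a verdict; CI must turn `blocked` into a non-zero exit.

    results: iterable of (case_id, passed) pairs from the eval harness.
    A run with no cases is treated as a failure: an eval that did not run
    cannot be evidence that anything works.
    """
    results = list(results)
    reasons = []
    if not results:
        reasons.append("eval harness produced no results")
        pass_rate, drift = 0.0, baseline_pass_rate
    else:
        pass_rate = sum(1 for _, ok in results if ok) / len(results)
        drift = baseline_pass_rate - pass_rate
        if pass_rate < min_pass_rate:
            reasons.append(f"pass rate {pass_rate:.2f} below floor {min_pass_rate:.2f}")
        if drift > max_drift:
            reasons.append(f"drift {drift:.2f} exceeds allowed {max_drift:.2f}")
    blocked = bool(reasons)
    # A notification alone is not a gate: block the merge AND route to a named owner.
    return GateVerdict(pass_rate, drift, blocked, tuple(reasons), owner if blocked else None)


def ci_exit_code(verdict: GateVerdict) -> int:
    """Map the verdict to what CI needs: 1 blocks the merge, 0 lets it through."""
    return 1 if verdict.blocked else 0


# Constructed sample: 20 regression cases, three of them newly failing.
SAMPLE_RESULTS = [(f"case-{i:02d}", i not in (4, 11, 17)) for i in range(20)]
BASELINE_PASS_RATE = 0.95   # constructed: last green run on the main branch


def demo() -> GateVerdict:
    return evaluate_gate(SAMPLE_RESULTS, BASELINE_PASS_RATE,
                         min_pass_rate=0.90, max_drift=0.05,
                         owner="ai-platform-oncall")


if __name__ == "__main__":
    verdict = demo()
    for reason in verdict.reasons:
        print("BLOCKED:", reason, "-> paging", verdict.alert_owner)
    raise SystemExit(ci_exit_code(verdict))
```

Run as a CI step, the non-zero exit is what makes this a gate; the printed reasons and the owner in the verdict are what make the block an escalation rather than a silent denial.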
The result should be a ranked closure plan.
This assessment is useful only if it produces a list the team can act on this quarter. The lowest-scored ring becomes the next closure action. The second-lowest becomes the backup if the first requires broader approval.
Name the artifact that would prove the gap is closed.
Name the owner responsible for that artifact.
Set the revisit date before the assessment ends.
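The scoring steps (score 0 to 3, evidence caps the score, sort ascending, close the lowest two) and the closure-plan rules just listed form one small procedure. As an added example, not the assessment's own tooling: a script that applies the evidence cap, ranks the seven rings, and turns the lowest two into a closure plan with a 90-day action, an owner, a proof artifact and a revisit date. The ring names and the 0 to 3 scale are the page's; the sample answers, actions, owners and the date are constructed; the rule that an artifact which exists but has not been shown to work caps at 1 is an assumption drawn from the page's score definitions, and ties are broken by ring order, which the page does not specify.

```python
"""Scoring and closure plan for the 7-ring self-assessment (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta

# Ring names as the page lists them; position doubles as the tie-break order (assumption).
RINGS = [
    "access and permissions",
    "input validation",
    "output guardrails",
    "runtime monitoring",
    "escalation and alerting",
    "audit logging",
    "dynamic output governance",
]


@dataclass
class RingAnswer:
    ring: str
    claimed: int                  # score the team proposes, 0-3
    evidence: str                 # one sentence of evidence, mandatory
    artifact: str | None = None   # a nameable artifact, or None
    works: bool = False           # control exists and is known to work
    failure_tested: bool = False  # exercised under failure conditions


@dataclass
class Gap:
    ring: str
    score: int
    action: str          # one 90-day action
    owner: str           # one named owner
    proof_artifact: str  # artifact that would prove the gap is closed
    revisit: date


def capped_score(a: RingAnswer) -> int:
    """Evidence caps the score: the claimed number can only go down."""
    if not 0 <= a.claimed <= 3:
        raise ValueError(f"{a.ring}: score must be 0-3, got {a.claimed}")
    if not a.evidence.strip():
        raise ValueError(f"{a.ring}: every score needs one sentence of evidence")
    if a.artifact is None:
        cap = 1   # no nameable artifact: at most 1 (page rule)
    elif not a.works:
        cap = 1   # exists but not shown to work (assumption)
    elif not a.failure_tested:
        cap = 2   # exists and works, untested under failure (page rule)
    else:
        cap = 3
    return min(a.claimed, cap)


def rank_rings(answers: list[RingAnswer]) -> list[tuple[str, int]]:
    """All seven rings scored, sorted ascending; ties keep ring order."""
    missing = set(RINGS) - {a.ring for a in answers}
    if missing:
        raise ValueError(f"unscored rings: {sorted(missing)}")
    order = {name: i for i, name in enumerate(RINGS)}
    scored = [(a.ring, capped_score(a)) for a in answers]
    return sorted(scored, key=lambda rs: (rs[1], order[rs[0]]))


def closure_plan(answers, plans, today, revisit_days=90) -> list[Gap]:
    """Lowest ring becomes the next action, second-lowest the backup.

    plans maps ring -> (action, owner, proof_artifact); all three must be
    named, since an unowned or unprovable action does not close a gap.
    """
    gaps = []
    for ring, score in rank_rings(answers)[:2]:
        action, owner, proof = plans[ring]
        if not (action and owner and proof):
            raise ValueError(f"{ring}: action, owner and proof artifact are all required")
        gaps.append(Gap(ring, score, action, owner, proof,
                        today + timedelta(days=revisit_days)))
    return gaps


# Constructed sample answers for an imaginary LLM product team.
SAMPLE_ANSWERS = [
    RingAnswer("access and permissions", 3, "SSO plus RBAC; tenant tests in CI.", "rbac-policy.yaml", True, True),
    RingAnswer("input validation", 2, "Injection suite runs on every build.", "injection_tests/", True),
    RingAnswer("output guardrails", 2, "Regex PII redactor on all responses.", "pii_redactor.py", True),
    RingAnswer("runtime monitoring", 3, "Traces with correlation IDs; never load-tested.", "trace-dashboard", True),
    RingAnswer("escalation and alerting", 2, "Denials are shown to the user only.", None),
    RingAnswer("audit logging", 2, "Append-only audit table, 1y retention.", "audit_events table", True),
    RingAnswer("dynamic output governance", 0, "Eval harness exists; nobody runs it.", None),
]

SAMPLE_PLANS = {
    "dynamic output governance": ("Wire eval harness into CI with a merge-blocking threshold",
                                  "ai-platform lead", "CI log of a blocked merge"),
    "escalation and alerting": ("Alert an admin on repeated denials per tenant",
                                "product owner", "Pager rule plus one acknowledged alert"),
}


def demo_plan() -> list[Gap]:
    # Assessment date is constructed; in practice pass date.today().
    return closure_plan(SAMPLE_ANSWERS, SAMPLE_PLANS, date(2025, 1, 15))
```

In the constructed sample the runtime-monitoring claim of 3 drops to 2 because it was never exercised under failure, and the escalation claim of 2 drops to 1 because no artifact could be named; the plan that comes out names dynamic output governance first and escalation as the backup, which is the shape the page says to expect.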
Practical questions, answered plainly.
No. It is an operating assessment for product and platform teams. It can support compliance evidence, but its job is to find runtime governance gaps.
At minimum: an AI product or platform owner and one engineer who can identify real artifacts. Risk, security, or compliance should join when the system touches regulated workflows.
Close the lowest-scored ring first with a 90-day action. Do not spread effort evenly across all seven rings.