Sheet 10 · Controls
Security and Governance
Controls designed for industrial and export-sensitive environments.
Public
Approved for anyone. Marketing copy, published documentation.
Internal
Everyday business content. Approved cloud AI platforms with tenant controls.
Confidential
Commercially sensitive. Isolated processing, strict need-to-know.
Restricted
Export-controlled, defense-related, or customer-controlled. Never sent to public consumer AI services.
Data classification drives everything. Four classes — Public, Internal, Confidential, Restricted — determine which platforms may touch which data. Restricted engineering, defense-related, export-controlled, or customer-controlled information is never sent to public consumer AI services.
Controls in this plan:
- Approved-platform matrix and least-privilege access
- Human approval on all published knowledge and pricing content
- Audit logs for administrative and AI activity
- Model and prompt versioning, with citations required on assistant answers
- Server-side-only AI calls — the browser never talks to the model directly
- Rate limiting, upload allowlists, and malware scanning where available
- Incident response, vendor review, and periodic evaluation
Honest failure modes: when the assistant lacks an approved source, it says so and escalates to a human instead of guessing.