Go-live acceptance

Separate RiskOS workspace review from production risk-system acceptance.

RiskOS can be reviewed as an AI risk governance workspace today. Production use with sensitive risk evidence requires backend authentication, tenant storage, encrypted evidence handling, immutable audit logging, backup/restore, and named buyer approval.

Run adoption review Download go-live approval Download evidence register Open board packet

Acceptance sequence

Run these gates before any paid production handoff.

1. Name ownersBuyer legal entity, workspace, risk owner, security owner, legal approver, executive approver, and EyeLogs owner.
2. Prove backendVerify backend health, authentication, role permissions, tenant database, object storage, and audit export.
3. Run assessmentUse one AI assessment with buyer-approved review records, not unapproved sensitive production evidence.
4. Attach evidenceRecord owner, source, expiry, status, control mapping, retention rule, checksum/version, and access roles.
5. Approve scoringConfirm scoring weights, thresholds, review cadence, board policy, and escalation rules.
6. Export proofExport board packet and go-live approval packet; assign remediation owners for open evidence, controls, and board decisions.

Action path

What a buyer should click during the RiskOS review.

1Open workspaceStart from the RiskOS workspace and use the CEO, risk owner, legal, and security role views.Open workspace

2Run adoption reviewLoad the buyer-safe review pack and confirm evidence, controls, decisions, and audit events appear.Run adoption review

3Check backend readinessUse the Trust Center backend check before treating any evidence or approvals as production records.Check backend

4Export board proofOpen reports, export the board packet, and keep external approval gates visible.Open reports

Review data

Use buyer-safe records for human review.

CEOExecutive reviewerApproves review continuation for approved review records and keeps production blocked until evidence and approval gates pass.

Risk ownerAnika RaoOwns the assessment, score rationale, control owners, and remediation queue.

Legal/securityDaniel Mehta / Maya ChenReview approval boundary, DPA, customer notice, model testing, incident path, and retention proof.

Hard boundaries

Do not overclaim the evaluation workspace.

Not authRole cards are evaluation viewsThey are not SSO, passwordless login, RBAC, or auditor access control.

Not tenant storageBrowser state is evaluation dataProduction evidence needs tenant database, encrypted object storage, retention, deletion, legal hold, and audit export.

Not certificationFramework mapping is readiness supportSOC 2, ISO, EU AI Act, and policy claims require buyer-specific evidence and review.