Enterprise AI Governance

The governance, control and assurance framework that wraps every AI capability in TrackProject.

Version: v1.0 · Last updated: 2026-06-25 · Last audit: 2026-05-12
UK GDPR · EU GDPR · CCPA / CPRA · ISO/IEC 27001:2022 · ISO/IEC 42001 (AI) · SOC 2

Governance framework

TrackProject operates an AI Management System (AIMS) aligned with ISO/IEC 42001:2023 and the NIST AI Risk Management Framework. The AIMS defines roles, processes, controls, evidence and continuous-improvement cycles for every AI feature on the platform.

Roles & accountability

Accountability is allocated as follows:

  • AI Governance Board — chaired by the CTO; sets policy, approves new high-impact features and reviews incidents.
  • Head of Security — owns AI security testing, prompt-injection defences and tool sandbox integrity.
  • Data Protection Officer — owns lawful basis, DPIAs and data-subject rights for AI processing.
  • Product Leads — own feature-level risk assessments and in-product transparency.
  • Engineering Leads — own model selection, evaluation harnesses and rollback runbooks.

AI feature lifecycle

Every AI feature passes through five gates: (1) intake and risk classification, (2) data protection impact assessment, (3) evaluation harness with hallucination, bias and safety tests, (4) staged rollout with feature flags and per-tenant kill switches, (5) post-launch monitoring with explicit re-review at six months.

Risk classification

AI features are classified against EU AI Act risk categories. All current TrackProject AI capabilities fall within the limited-risk category and ship with transparency notices, citation requirements and human-in-the-loop controls. High-risk classifications would trigger additional conformity assessment and registration obligations before launch.

Human oversight

Every AI surface is paired with a human action. Autonomous agents operate in three modes: read-only (observe and report), suggest-only (propose actions for human approval), and act-with-approval (queue actions awaiting explicit human sign-off). No mode permits unattended execution of irreversible or safety-critical actions.

Explainability controls

Every material AI output exposes the tools called, the records consulted and the model identifier. The audit log preserves the chain of reasoning so a workspace administrator can reconstruct any decision after the fact.

Model limitations & disclosures

In-product notices describe the known limitations of each AI feature, including non-determinism, hallucination risk and the requirement for human verification. Limitations are republished whenever a feature is materially changed.

Confidence scoring

Where the platform surfaces confidence scores, the methodology is documented: scores are derived from retrieval coverage, citation density and evaluator-model judgement, and are explicitly labelled as heuristic guidance rather than probabilistic guarantees.

AI audit logs

AI tool calls are written to an append-only audit log keyed by workspace. Administrators can export logs in JSON or CSV for compliance review, retain them for the lifetime of the subscription and replay them through the explainability viewer.

Approval workflows

Autonomous recommendations enter an approvals queue where named approvers can accept, modify, reject or escalate. Approvals are time-bound, double-checked by RBAC and recorded with reviewer identity, decision, justification and outcome.

Enterprise AI controls

Enterprise customers can disable individual AI features, restrict AI use to specific roles, require step-up authentication for AI actions, pin to a specific model tier and require enhanced audit logging. All controls are configurable per workspace.

AI transparency

TrackProject publishes a public AI changelog covering new features, model rotations and material prompt changes. Enterprise customers receive 30 days' notice of model rotations that materially change output behaviour.

AI data isolation

AI inherits the calling User's Row Level Security scope. There is no shared cache, embedding index or fine-tune slice. Retrieval is bounded before the model is invoked, so cross-tenant leakage is structurally impossible.

Prompt security

Tool outputs are sanitised before being concatenated into prompts. Instructions embedded in retrieved content are detected, neutralised and flagged. System prompts are protected by tamper-evident hashes. Penetration tests include dedicated prompt-injection scenarios.

Model updates

Models are versioned and pinned per environment. Major rotations are evaluated against a regression suite covering accuracy, safety, bias and tool-use fidelity before reaching production. Rollback is one configuration change away.

Evidence & assurance

Each gate produces evidence — risk assessment, DPIA, evaluation report, rollout plan, monitoring dashboards — that is retained for the lifetime of the feature and supplied to enterprise customers and auditors on request under NDA.

Questions about this document? Contact legal@track-project.com · Security: security@track-project.com

© 2026 TrackProject Ltd. Version 1.0 · Last updated 2026-06-25.

Version history

  • v1.0 · 2026-06-25 · Initial publication: AIMS framework, lifecycle gates, approvals, evidence, enterprise controls.