govrn-platform — Engagement Playbook (Best Practices)

Internal · 2026-06-07 · v0.1. How to actually run a govrn engagement well — the repeatable process behind the product. This is the "rinse-and-repeat formula" applied across all three lenses, with the human-in-the-loop gates that keep it honest.

The product is a living governance system. The engagement is how it gets installed. This playbook is the delivery muscle.


Operating model: assessment → living platform

   ┌─────────────┐     ┌────────────────────────────────┐
   │ ENGAGEMENT  │ ──▶ │  LIVING PLATFORM (AIaaS)       │
   │ one-time    │     │  recurring · monitored · alive │
   │ ~$50K, 5wk  │     │  monthly/yearly                │
   └─────────────┘     └────────────────────────────────┘
   inventory + 3-lens     same controls go live on the
   posture + roadmap      dashboard; monitoring keeps
   (incl. AI-gov wedge)   them current; fee buys updates,
                          connectors, enhancements, maint.

The engagement is the on-ramp; the platform is the annuity. Lead the engagement with the AI-Governance lens — it's the differentiator no one else delivers (see PROTOCOLS-GAPCHECK.md).


The six-stage formula × three lenses

Every engagement runs these six stages. Each stage is executed through all three lenses (IT-Rationalization, Cybersecurity, AI-Governance). The grid below is the master plan; the per-stage sections expand it.

   1. Discovery
      IT-Rationalization: inventory apps/db/integrations/vendors; capability map; shadow IT
      Cybersecurity:      security posture vs CSF 2.0/CIS v8.1; identity, vuln, DR
      AI-Governance:      AI-BOM discovery; shadow-AI; model uses; data access

   2. Implementation
      IT-Rationalization: disposition (retain/replace/retire); system-of-record; integration design
      Cybersecurity:      control hardening priorities (MFA, backup, vuln mgmt)
      AI-Governance:      HITL gates, AI acceptable-use, model-risk tiering, guardrails

   3. Test
      IT-Rationalization: validate capability coverage; duplicate confirmation
      Cybersecurity:      control validation; tabletop; backup-restore test
      AI-Governance:      bias/fairness eval; prompt-injection/red-team; drift baseline

   4. Training
      IT-Rationalization: handoff on inventory + roadmap upkeep
      Cybersecurity:      security-control operation
      AI-Governance:      AI literacy; how to triage AI-gov signals; model-card discipline

   5. Certifications
      IT-Rationalization: rationalization sign-off
      Cybersecurity:      security posture attestation
      AI-Governance:      AI-governance posture attestation → (path to) ISO 42001 readiness

   6. Maintenance
      IT-Rationalization: living inventory + disposition review
      Cybersecurity:      continuous CVE/vendor monitoring
      AI-Governance:      continuous drift/model-inventory/agentic monitoring

Stage 1 — Discovery

Goal: a current-state map of the entire fleet, across all three lenses, with shadow IT and shadow AI surfaced.

  • Techniques (in order of effort, per the MCG method): existing-doc review → contract/AP analysis → technical discovery (IdP/SSO + DNS logs) → structured interviews → workflow observation.
  • AI-specific additions: enumerate every model/LLM/agent in use (sanctioned and shadow), what data each touches, who owns it, whether a human gates its decisions.
  • Deliverable: current-state inventory + integration map + AI-BOM + key-findings summary.
  • HITL gate: mid-point checkpoint — client confirms the inventory is right before disposition work.

Stage 2 — Implementation (recommendations, not rebuild)

Goal: decide what changes, scaled to the client's team capacity.

  • Rationalization: disposition per system (retain/replace/retire), system-of-record per domain, integration design (minimize count, name SoR, design for replaceability).
  • Security: prioritize highest-leverage controls (MFA coverage, backup integrity, vuln mgmt) — most risk reduction per dollar.
  • AI-Governance: set model-risk tiers, require HITL on consequential decisions, draft the AI acceptable-use policy, define guardrails for prompt-injection/agentic scope.
  • Deliverable: disposition records, future-state architecture, AI-governance control set.
  • Principle: recommendations feel earned, not imposed — socialize findings before they're final.

Stage 3 — Test (validate, don't assume)

Goal: prove the controls and the analysis hold.

  • Security: validate controls, run a tabletop, restore-test a backup (untested backups are hopes).
  • AI-Governance: bias/fairness evaluation on high-impact models, prompt-injection/jailbreak red-team (OWASP LLM01 / MITRE ATLAS), establish a drift baseline so future drift is measurable.
  • Rationalization: confirm duplicate/overlap calls with the people who use the systems.
  • Deliverable: test results feeding the posture scores; named gaps with remediation paths.

Stage 4 — Training (capacity transfer)

Goal: the client can operate what we installed — focused handoff, not a course.

  • Rationalization: how to keep the inventory + roadmap current.
  • Security: how to operate the priority controls.
  • AI-Governance: AI literacy + how to triage AI-gov signals + model-card discipline (the part most orgs have never done).
  • Deliverable: handoff session + living-doc upkeep guide.

Stage 5 — Certifications (attestation — with the firewall)

Goal: an honest posture attestation, structured so it can later carry weight with third parties.

  • Produce a posture attestation per lens (scored, evidenced).
  • 🔒 Conflict firewall (load-bearing): a Finding (we found it) and an Attestation/Certification (we vouch for it) are distinct artifacts with distinct signing authority. Assess→recommend→(HITL)→remediate as a managed service is fine — the client is approver-of-record. The conflict only re-enters if a self-issued score is sold as a third-party-relied-upon certification. Route real certification to an independent signer (or a firewalled internal body). Never fuse finding and attestation.
  • Path to ISO/IEC 42001 readiness — position the AI-governance attestation as the on-ramp to a recognized AIMS certification, not a substitute for it.

Stage 6 — Maintenance (the living part — AIaaS)

Goal: the deliverable stays alive. This is the recurring revenue and the confidence the client is buying.

  • Continuous monitoring (systems + vendors + public product/vendor chatter — never individuals): CVE/NVD feeds, vendor advisories, IdP/DNS/AP logs, model drift metrics, shadow-AI discovery.
  • Re-score controls as signals arrive; surface threats/vulnerabilities/drift with severity + provenance.
  • HITL on every action — monitoring is autonomous; remediation is human-gated and logged.
  • Signal-to-noise discipline — prioritization + false-positive handling; noisy monitoring is worthless.
  • Deliverable: the live dashboard + a standing posture report + quarterly review.

HITL gates (non-negotiable)

   Gate                                   Where               Who approves
   Inventory confirmed                    end of Discovery    client
   Disposition decisions                  Implementation      client (documented, even when against our rec)
   Any remediation action on the estate   Maintenance         client (approver-of-record, logged)
   Certification/attestation issuance     Certifications      independent signer (firewalled from delivery)

Rule: retrieval and monitoring are autonomous; no agent sends, deletes, moves, or remediates without an explicit client GO.
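The Stage 6 HITL bullet and the rule above split agent actions into autonomous retrieval/monitoring and human-gated mutation with an explicit client GO. As an added example (not code from the govrn-platform repo or the agents/ team), here is a Python gate that enforces that split, fails closed on tools it cannot classify, and logs every decision with the approver-of-record. The tool names, the Approval shape and the log fields are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
from typing import Callable, Optional

class ActionClass(Enum):
    READ = "read"      # retrieval / monitoring: runs autonomously
    MUTATE = "mutate"  # send / delete / move / remediate: needs an explicit client GO

ACTION_CLASS = {  # hypothetical tool names; the real agent tool set lives in agents/
    "fetch_cve_feed": ActionClass.READ,
    "query_idp_logs": ActionClass.READ,
    "disable_account": ActionClass.MUTATE,
    "send_notification": ActionClass.MUTATE,
}

@dataclass(frozen=True)
class Approval:           # the client's recorded decision for one action on one target
    action: str
    target: str
    approver: str         # approver-of-record (a client identity, never the agent)
    decision: str         # "GO" or "NO-GO"

@dataclass
class GateLog:            # append-only record of every gate decision
    entries: list = field(default_factory=list)
    def record(self, **entry) -> None:
        entry["at"] = datetime.now(timezone.utc).isoformat()
        self.entries.append(entry)

class HitlGateError(Exception):
    """Raised when the gate blocks an action."""

def run_gated(action: str, target: str, execute: Callable[[str], str],
              log: GateLog, approval: Optional[Approval] = None) -> str:
    """Run execute(target) only if the HITL rule allows it; log the decision either way."""
    cls = ACTION_CLASS.get(action)
    if cls is None:   # unclassified tool: fail closed rather than guess it is read-only
        log.record(action=action, target=target, outcome="blocked", reason="unclassified tool")
        raise HitlGateError(f"{action}: unclassified tool, refusing to run")
    if cls is ActionClass.MUTATE:
        ok = (approval is not None and approval.decision == "GO"
              and approval.action == action and approval.target == target)
        if not ok:    # no GO, a NO-GO, or a GO for a different action/target
            log.record(action=action, target=target, outcome="blocked", reason="no client GO")
            raise HitlGateError(f"{action} on {target}: no explicit client GO")
    result = execute(target)
    log.record(action=action, target=target, outcome="executed",
               approver=approval.approver if cls is ActionClass.MUTATE else "autonomous")
    return result
```

A GO is bound to one action and one target, so an approval recorded for one account cannot be replayed against another.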


Maps to the existing MCG engagement

The Delta Gamma "Application & Database Rationalization Engagement" is Stages 1–5 of the IT-Rationalization lens. govrn-platform (a) adds the Cybersecurity + AI-Governance lenses to the same engagement, and (b) adds Stage 6 (Maintenance) to make it living. Upsell path: deliver the rationalization engagement → show the AI-governance gap → convert to the living platform.

Roles (and the strategist team)

See agents/ for the composed agent team that can run this:

  • AI-Governance Strategist — owns the whole engagement, the three-lens synthesis, the client narrative.
  • Rationalization Analyst — Lens 1 (inventory, capability map, disposition, roadmap).
  • Security Analyst — Lens 2 (CSF 2.0/CIS posture, vuln, DR, privacy).
  • AI-Risk Analyst — Lens 3 (AI-BOM, bias, prompt-injection, drift, agentic, HITL).
  • Assurance/Independent Signer — certification, firewalled from delivery.

Design partners

  • Grace Hill (real estate; warm CTO; no governance, actively looking) — first-mover / design partner; multi-entity estate tests the tenant-hierarchy mandate.
  • Delta Gamma — the assessment→platform upsell in motion.