Brief Evidence Failures Acceptance Mapping Sprint Risk

Compliance teams need exportable audit proof

For Compliance / Audit Teams

Regulators want proof. Not promises.

For defined high-impact AI decisions, Good Proof provides externally verifiable, fail-closed controls with exportable decision-time evidence.

Fail-closedAppend-onlyScope-bounded

Book a Compliance Stamp Sprint See stamped specimens

Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.

Compliance 60-Second Brief

Problem

Internal reviews and model cards are insufficient for high-impact reliance.

Control

Status Link verification at decision time for defined high-impact actions.

Output

Exportable Evidence Pack (JSON/CSV) for audit and regulator requests.

Boundary

Supports defensibility; does not guarantee regulatory approval or model correctness.

Is This a Fit?

Best fit

High-impact decision lanes needing reproducible evidence
Programmes requiring stop-rely + change-triggered refresh

Not fit

Low-risk informational-only AI
Teams seeking policy text without technical enforcement

Enforcement + Failure Semantics

Condition	Returned State	Default Action
Timeout / network unreachable	NOT_VERIFIED	Block/Escalate
TLS / certificate failure	NOT_VERIFIED	Block/Escalate
Domain mismatch / redirect	NOT_VERIFIED	Block/Escalate
Malformed / unauthenticated response	NOT_VERIFIED	Block/Escalate
WITHDRAWN status returned	WITHDRAWN	Block + stop-rely
NEEDS_REFRESH status returned	NEEDS_REFRESH	Escalate/Review
VALID but out-of-scope / expired	NOT_VERIFIED	Block/Escalate

If escalation path is unavailable, default action is BLOCK.

Definitions

Stamp

Cryptographically-signed verification artifact issued per decision

Status Link

Live URL returning current verification status (VALID / NEEDS_REFRESH / WITHDRAWN / EXPIRED / NOT_VERIFIED)

Evidence Window

Time-bound scope for decision verification

Official Verifier

verify.goodproof.mindchill.ai (HTTPS only; host must match; redirects forbidden)

Audit Evidence

Exportable, timestamped record with minimum fields

Guardian Finality

Human sign-off on exceptions/appeals with conflict-checked independence

What a Stamp Proves

Managing audit and counterparty expectations

Proves

Action class + outcome
Decision-time timestamp
Signer/authority reference
Scope boundaries and expiry
Validity state at verification time

Does NOT prove

Underlying case/claim truth
Outcome correctness or quality
Raw PII/PHI contents
Regulatory compliance certification

Status Link = reliance state now. Evidence Pack = fileable decision-time record.

Audit Evidence You Can Export

Minimum fields per decision

audit-evidence.json

stamp_idaction_classdecisionstatusverified_atexpires_atverifier_domainsignerversionrequest_idreason_codefailure_mode

MAY include evidence_window_start and evidence_window_end (programme-defined).

Export formats

JSON, CSV (PDF summary optional)

Minimal disclosure

No PII/PHI by default

Retention, Integrity & Chain-of-Custody

Buyer-configurable retention: [RETENTION_PERIOD] defined per programme

Tamper protection: Append-only storage + access controls + integrity monitoring

Audit trail: Correlation IDs + timestamps for reconstruction

Regulator / Auditor Quick Answers

"How do you verify AI decisions?"

→ Status Link + evidence window + scope. Each high-impact decision is verified at runtime against an externally-verifiable Status Link.

"What happens when verification fails?"

→ Fail-closed → NOT_VERIFIED → block/escalate. Systems must not proceed on unverified decisions.

"What can you produce on request?"

→ Exportable audit evidence (JSON/CSV) + specimens. All minimum fields are captured and reproducible.

Stamp Sprint (30 Days)

One lane live with fail-closed gating, Status Link verification, and exportable Evidence Pack.

Scope & criteria

Define audited process + action classes + evidence requirements

Integrate & log

Status Link verification + audit logging + export endpoints

Test drills

Timeout/TLS/domain/malformed tests + refresh/withdrawal drills

Audit packet

Evidence specimen + documentation + rollout plan

Acceptance Criteria

Pass/fail at go-live

Status Link verifies from official verifier

Fail-closed under timeout/TLS/domain mismatch/malformed

Refresh/withdrawal semantics observed

Evidence exports reproducible with minimum fields

If criteria fail, Buyer may withhold reliance for the affected action class.

Controls Mapping

SOC 2

Monitoring, Change Management, Logical Access, System Operations

ISO 27001

Logging/Monitoring, Access Control, Communications Security, Supplier Relationships

NIST

AC, AU, CM, SC, SI

Mapping only; not a certification claim.

Risk Reduced vs Out of Scope

Risk reduced

Audit findings for missing verification evidence
Regulator questions without exportable records
AI decision reliance without timestamped proof
Exception handling without human accountability trail
Stale verification with no change-control triggers

Out of scope

Underlying model accuracy or correctness
Regulatory compliance certification
Raw PII/PHI content validation
Guaranteed audit outcomes or findings closure
Blanket certification or warranty

Good Proof is scope-limited verification. A VALID status confirms scope compliance under lane rules—not outcome correctness or regulatory approval.

Governance

Mind Chill Guardians

Human finality for compliance edge cases

Exceptions/appeals only

Conflict-checked independence

Auditable traceability

Minimal disclosure

Forwardable Kit

Clause Pack Kill Switch Agentic Security IDA Evidence Pack Evidence Vault

Ready to export audit proof?

Definition of done: your workflow blocks on status ≠ VALID.

Book a Compliance Stamp Sprint See stamped specimens

Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.

Regulators want proof. Not promises.

For defined high-impact AI decisions, Good Proof provides externally verifiable, fail-closed controls with exportable decision-time evidence.

Fail-closedAppend-onlyScope-bounded

Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.

Compliance 60-Second Brief

Problem

Internal reviews and model cards are insufficient for high-impact reliance.

Control

Status Link verification at decision time for defined high-impact actions.

Output

Exportable Evidence Pack (JSON/CSV) for audit and regulator requests.

Boundary

Supports defensibility; does not guarantee regulatory approval or model correctness.

Enforcement + Failure Semantics

Condition	Returned State	Default Action
Timeout / network unreachable	NOT_VERIFIED	Block/Escalate
TLS / certificate failure	NOT_VERIFIED	Block/Escalate
Domain mismatch / redirect	NOT_VERIFIED	Block/Escalate
Malformed / unauthenticated response	NOT_VERIFIED	Block/Escalate
WITHDRAWN status returned	WITHDRAWN	Block + stop-rely
NEEDS_REFRESH status returned	NEEDS_REFRESH	Escalate/Review
VALID but out-of-scope / expired	NOT_VERIFIED	Block/Escalate

If escalation path is unavailable, default action is BLOCK.

Definitions

Stamp

Cryptographically-signed verification artifact issued per decision

Status Link

Live URL returning current verification status (VALID / NEEDS_REFRESH / WITHDRAWN / EXPIRED / NOT_VERIFIED)

Evidence Window

Time-bound scope for decision verification

Official Verifier

verify.goodproof.mindchill.ai (HTTPS only; host must match; redirects forbidden)

Audit Evidence

Exportable, timestamped record with minimum fields

Guardian Finality

Human sign-off on exceptions/appeals with conflict-checked independence

Risk Reduced vs Out of Scope

Risk reduced

Audit findings for missing verification evidence
Regulator questions without exportable records
AI decision reliance without timestamped proof
Exception handling without human accountability trail
Stale verification with no change-control triggers

Out of scope

Underlying model accuracy or correctness
Regulatory compliance certification
Raw PII/PHI content validation
Guaranteed audit outcomes or findings closure
Blanket certification or warranty

Good Proof is scope-limited verification. A VALID status confirms scope compliance under lane rules—not outcome correctness or regulatory approval.

Regulators want proof. Not promises.

Compliance 60-Second Brief