# AI-DLC Risk and Audit Record Template

## System or Feature

- Name:
- Owner:
- Date:
- Reviewers:
- Production impact:

## AI Behavior Classification

| Dimension | Value |
|---|---|
| User-facing? | |
| Autonomous action? | |
| Uses external tools? | |
| Uses sensitive data? | |
| Affects regulated decision? | |
| Human approval required? | |

## Risk Register

| ID | Risk | Severity | Likelihood | Mitigation | Owner | Status |
|---|---|---|---|---|---|---|
| R-001 | | | | | | |

## Governance Gates

| Gate | Required evidence | Approver | Status |
|---|---|---|---|
| Requirements review | Spec/change proposal | | |
| Security review | Threat model, tool policy | | |
| Data review | Data sources, retention, PII handling | | |
| Eval review | Eval dataset and thresholds | | |
| Release approval | Rollout and rollback plan | | |

## Model and Tool Inventory

| Component | Provider/runtime | Purpose | Data sent | Controls |
|---|---|---|---|---|
| Model | | | | |
| Tool/API | | | | |
| Retriever | | | | |

## Audit Evidence

- Spec:
- Plan:
- Test run:
- Eval run:
- Trace/log location:
- Approval record:
- Deployment record:

## Residual Risk

Document accepted risks and why they are acceptable.

## Post-Release Monitoring

- Metrics:
- Alerts:
- Manual review cadence:
- Incident response owner: