1. Declare the workflow
Name the AI workflow, intended users, platform or architecture, owner role, approver role, and later-review need.
Methodology
Evidence before claims. Scope before data.
AuditTrace uses a non-surveillance, human-gated method for creating reviewable AI evidence artifacts without asking buyers to send sensitive material in the first conversation.
2. Bound approved context
Identify the source classes that belong in the first workflow instead of connecting every available file.
3. Record exclusions
Document what must stay out and why: legal, HR, finance, private inboxes, client-specific records, stale exports, or sensitive material.
4. Validate behavior
Define approved-answer questions, excluded-source refusal tests, citation/grounding expectations, and escalation paths.
5. Preserve the decision
Create a compact evidence manifest and DecisionCard showing readiness, limits, missing evidence, and next action.
6. Review changes
After launch, preserve changes to sources, permissions, indexes, embeddings, prompts, tools, and approval decisions.
Non-surveillance boundary
AuditTrace is not an employee monitoring layer.
The method is about declared workflow context, approved source boundaries, human gates, and reviewable evidence artifacts. It is not behavior scoring, covert collection, passive oversight, or autonomous enforcement.
Fail closed when evidence is missing
If the required source boundary, exclusions, ownership, validation, or approval record is incomplete, the artifact should say preliminary or non-decision-grade instead of overstating readiness.