Skip to content
Bizzi AI Governance Framework
Executive Summary · § 03

BAGF at a glance, five pillars

BAGF is organized into five pillars covering each aspect of the AI lifecycle at Bizzi. Each pillar is independent (readable on its own) and interconnected (addressing a multidimensional problem together).

Bizzi AI Governance Framework
v1.0
  1. I
    AI Organization
  2. II
    Legal and Regulatory
  3. III
    Ethics and Transparency
  4. IV
    Data, AIOps, Infrastructure
  5. V
    AI Security
The five pillars of BAGF v1.0

Pillar I: AI Organization

Section titled “Pillar I: AI Organization”

Bizzi runs a Hub-and-Spoke governance model. The Hub (the AI Center of Excellence) sets standards. The Spokes (Data and AI Stewards embedded in each product Squad) apply them in practice.

  • AI Governance Board (CEO, CPTO, Legal Director) meets quarterly to approve high-impact AI initiatives.
  • A six-step AI Risk Framework is mandatory before any feature reaches Production.
  • Measurable KPIs. STP rate above 85 percent. Extraction Accuracy above 99 percent. Hallucination Rate. Cost per Transaction.

Go to Pillar I →

Section titled “Pillar II: Legal and Regulatory Compliance”

Bizzi processes B2B financial data. Legal is not optional. It is the foundation.

  • Decree 13/2023. PII Redaction at the gateway before any LLM sees personal data.
  • Vietnam data residency for Enterprise and banking customers.
  • Zero Data Retention in contracts with every commercial LLM vendor.

Go to Pillar II →

Pillar III: Ethics, Transparency, and Interpretability

Section titled “Pillar III: Ethics, Transparency, and Interpretability”

Bizzi’s AI is not a black box.

  • Human-in-the-loop for every high-value or anomalous transaction. Human-on-the-loop for standard e-invoices.
  • Confidence scores in the UI. Above 95 percent green. Below 80 percent yellow warning.
  • Grounded Reasoning. When AI declines an invoice, it cites the exact policy clause violated.

Go to Pillar III →

Pillar IV: Data, AIOps, and Infrastructure

Section titled “Pillar IV: Data, AIOps, and Infrastructure”

This pillar defines the Agentic Development Lifecycle (ADLC). The five-stage process for taking an AI feature from design to operation.

  • Separated architecture. OLTP (OLTP database) plus OLAP (OLAP database) plus Vector DB for RAG.
  • LLM-as-a-Judge automated evaluation against three criteria. Accuracy, Groundedness, Safety.
  • Multi-Agent plus Model Context Protocol (MCP). A safe intermediary layer for agents to access internal databases.

Go to Pillar IV →

Pillar V: AI Security

Section titled “Pillar V: AI Security”

Bizzi aligns rigorously with OWASP Top 10 for LLMs.

  • Input Guardrails against Prompt Injection. Context separation via <user_data> tags.
  • Agent RBAC. Every AI agent inherits the user’s Access Token. There is no superadmin.
  • Kill-switch and Circuit Breaker. Disables AI features during incidents while keeping the manual path and ERP Sync operational.

Go to Pillar V →