Internal audit and red-team
A governance framework is only paper unless it is tested. Bizzi runs three lines of assurance: continuous squad-level monitoring, periodic internal audit, and annual external review. Each line checks the others. The artefacts they produce are the evidence we need for ISO/IEC 42001 readiness and customer-facing transparency.
Context
Most governance failures we have studied did not happen because the rules were missing. They happened because the rules existed on paper and nobody verified they were applied. The three lines below close the gap. The squad watches itself in real time. The internal audit team verifies the squad. An external auditor verifies the framework.
Three lines of assurance
- Line 1: Operations. Squads and the CoE monitor themselves daily. See §9.
- Line 2: Internal audit. An audit team independent of operations runs periodic reviews.
- Line 3: External audit. A qualified third-party auditor reviews the framework annually.
Internal red-team. Quarterly
The internal security team (DevSecOps) attacks production AI features to find weaknesses. Each quarter covers:
- Direct prompt injection. Hidden commands in user input attempting to override the system prompt.
- Indirect prompt injection. Malicious commands embedded in invoice PDFs (white text on white, OCR-bait).
- Jailbreak. Known prompts attempting to bypass safety rules.
- Sensitive-information extraction. Attempts to pull another tenant’s data through an agent.
- Excessive agency. Coaxing an agent to take actions beyond the user’s authority.
- Denial-of-wallet. Expensive request patterns draining API quota.
Every finding is graded SEV1-4 with a fix SLA: SEV1 within 24 hours, SEV2 within one week, SEV3 within one month, SEV4 into the backlog.
Internal audit. Semi-annual
An audit team independent of the CoE and Engineering reviews:
- Is BAGF applied in each squad?
- Was a DPIA completed for every AI feature touching personal data?
- Is the audit trail complete for every AI decision?
- Do vendor contracts include the required Zero Data Retention clauses?
- Has the kill-switch been exercised in a DR drill?
The audit report goes to the Board. Findings close before the next audit cycle.
External audit. Annual
A qualified third-party auditor reviews the full framework against:
- Operating reality versus BAGF v1.x commitments.
- ISO/IEC 42001 alignment (readiness for certification).
- ISO 27001 ISMS alignment.
- Penetration testing across the platform, not only the AI surface.
The exact final report format (ISO 27001 audit report, SOC 2, or equivalent) is confirmed per Enterprise customer in their contract. See commitment #7 in the Executive Summary.
Evidence retention
For audit to be possible, every AI decision retains evidence for at least 12 months:
- Model version, dataset hash, and prompt version through the observability layer.
- Audit trail for every HITL approval.
- Risk classification document for every feature.
- Quarter-by-quarter red-team reports.