7. Onboarding: Register New AI System
Functional Documentation
1) Step-Based Onboarding Flow
Purpose: Guided 6-step wizard in Register New AI System.
Steps:
- System Basics
- Model & Lifecycle
- Business Context
- Governance Controls
- Security Controls
- Review & Launch
Main actions:
- Entry trigger:
+ Register New AI System - Footer navigation:
Cancel,Back,Continue,Review & Create,Create System - Top-right close (
X)
Behavior:
- Progress bar and step indicator (
Step X of 6) - Step validation before navigation:
- System name is required
- At least one model is required
2) System Basics: Name + Business Description
Fields:
System NameDescription / Intended Purpose
Main action:
Continue
Notes:
- Description is used downstream for automation, risk suggestions, and documentation generation.
3) Model & Lifecycle
Fields:
LLM Models(multi-select tags; one or more required)Lifecycle Status:draft/in_review/live
Main action:
Continue
Notes:
- Runtime telemetry is based on the model actually sent by SDK traffic, not only the default catalog selection.
4) Business Context (ROI Inputs)
Fields:
- Toggle:
Not applicable / does not replace human labor - If toggle is OFF:
Human Role ReplacedAvg. Human Hourly CostTime per Task
Main action:
Continue
Behavior:
- If
Not applicableis ON, ROI fields are cleared and stored asnull(N/A).
5) Governance Controls
Purpose: Capture domain intent, governance tier, and regulatory scope without forcing long free-form setup.
Fields:
Purpose CategoryFinance & InsuranceCustomer SupportSoftware & EngineeringCreative & MarketingHealthcareLegal & ComplianceEducation & TrainingFamily & YouthOther
Custom Category- required only when
Otheris selected
- required only when
Governance TierTier 1 (Full Governance / Enterprise)Tier 2 (Standard Governance)Tier 3 (Basic Monitoring)
- Compliance multi-select:
AI ActISO 42001Colorado AI ActCustomNot relevant
- Conditional inputs:
AI Act Risk ClasswhenAI Actis selectedCustom compliance labelwhenCustomis selected
Behavior:
- Purpose category is converted into domain-context defaults in the security configuration.
- The onboarding form no longer asks users to manually write sensitivity, normal topics, or blocked topics.
Governance Tiersets the initial operating posture and maps into downstream risk/governance expectations.- If
AI Actis selected in compliance frameworks, the onboarding flow also requires an AI Act class:High RiskLimited RiskMinimal Risk
Not relevantclears the compliance multi-select and stores the onboarding governance section as intentionally not applicable.
6) Security Controls
Purpose: Define runtime guarding behavior for the new system.
Fields:
Shadow Mode (Observability Only)Strict Security (Fail-Closed)Enable AI Security AnalysisBlock Prompt InjectionBlock Database Access (SQL/NoSQL)Block Code Execution (RCE)Block Toxicity & ProfanityBlock Personal InformationMasking Personal Information
Behavior:
- Active Guard: enforcement can block or mask based on policy.
- Shadow Mode: monitor-only, no active blocking or masking, fail-open by design.
- In shadow mode:
Strict Securityis forced OFFAI Analysisis forced ON- active blocking and masking toggles are disabled
- In active mode:
Strict Securityenables fail-closed behavior on technical failuresAI Analysisenables the asynchronous Tier-2 forensic audit and richer auditor-facing evidence- blocking toggles are individually enforceable
- Enabling strict personal-information blocking can disable streaming in affected SDK paths to guarantee full redaction.
7) Final Review Summary Before Creation
Summary includes:
- Name, models, lifecycle
- Guarding mode
- Governance tier
- Purpose category
- Compliance selection
- AI analysis status
- Blocking toggle states
- Strict security state
- ROI context values
Main action:
Create System
Post-create note:
- Telemetry capture and compliance evidence collection start immediately after creation.