Internal Preparation Checklist
This checklist is for internal teams preparing for ARAF assessment. Each item maps to a requirement assessors evaluate. Completing preparation before engagement reduces timeline risk and improves achievable certification outcomes.
Phase 1: System Identification and Scoping
Section titled “Phase 1: System Identification and Scoping”- Identify each autonomous system by name and operational function
- Document autonomous decision types, commitment authority, and deployment scale
- Select in-scope system(s), starting with highest governance exposure
- Define scope: system boundary, authorised decisions, operational environment, execution context
Phase 2: Decision Supply Chain Mapping
Section titled “Phase 2: Decision Supply Chain Mapping”- Map full Decision Supply Chain for each in-scope system
- Identify each link: data infrastructure, model systems, human oversight, execution infrastructure, external providers
- Classify providers as commodity infrastructure or decision-participating providers
- Assign accountability by link: design, deployment, operational, outcome
- Document contractual relationships for each link
- Record jurisdictional boundaries crossed in the chain
Phase 3: Governance Documentation Assembly
Section titled “Phase 3: Governance Documentation Assembly”Design evidence
Section titled “Design evidence”- Architecture documentation
- Decision authority definitions and scope boundaries
- Governance roles and accountability assignments
- Data governance and classification framework
- Training data provenance basis
- Liability allocation framework
- Contract infrastructure documentation
Deployment evidence
Section titled “Deployment evidence”- Deployment approval records (approver, date, authorised scope)
- Deployment risk assessment
- Model version and configuration records
- Decision Supply Chain validation at go-live
Operational evidence
Section titled “Operational evidence”- Governance monitoring logs (not only performance telemetry)
- Anomaly and escalation records
- Governance review records (for example AIOC updates)
- Change approval records
- Human oversight records where applicable
Outcome evidence
Section titled “Outcome evidence”- Incident reports where events occurred
- Root-cause analyses addressing governance causation
- Remediation actions and architecture updates
- Counterparty or regulator notifications where required
Phase 4: Evidence Quality Review
Section titled “Phase 4: Evidence Quality Review”- Classify evidence tier per category and dimension
- Tier 1: infrastructure-generated, contemporaneous, tamper-evident
- Tier 2: contemporaneous documentation created at decision time
- Tier 3: reconstructed documentation assembled post hoc
- Identify where Tier 3 can be upgraded before assessment
- Identify evidence gaps by dimension and chain link
Phase 5: Dimensional Pre-Assessment
Section titled “Phase 5: Dimensional Pre-Assessment”- Estimate likely score range across all six dimensions
- Identify multiplier conditions
- Prioritise remediation of compound weaknesses before engagement
- Assign accountable owners and target dates for remediation actions
Phase 6: Pre-Engagement Readiness
Section titled “Phase 6: Pre-Engagement Readiness”- Confirm internal lead and cross-functional responsibilities
- Brief governance, technical, and operational interview participants
- Confirm documentation is accessible and export-ready for assessor review
- Confirm assessor independence and conflict status