What is Model Governance and Operational Controls?
Model governance is the set of operational controls applied to AI models and prompts across their lifecycle: how they are developed and tested, how they are approved for production, how versions are managed, how changes are reviewed, and how they are retired. It is the discipline that prevents undocumented models from making real decisions.
For traditional software, change management, version control, and release approval are mature disciplines. AI models often bypass them: data scientists train, validate, and deploy models without the gates applied to other production code. Model governance brings AI under the same release rigour while adding AI-specific concerns: training data provenance, evaluation against fairness and robustness criteria, and prompt management for LLM applications.
A baseline implementation includes: a model registry recording every production model with version, training data reference, evaluation metrics, and approval status; a documented change-approval process with appropriate gates; segregation of training and production environments; reproducibility evidence (code, data, hyperparameters, environment); and a defined retirement process. For LLM applications, prompt versioning and prompt-change review are the equivalent controls.
In the Veridio framework, D5 contains eight principles covering model registry, change control, evaluation criteria, approval gates, version management, reproducibility, segregation of duties, and retirement. It spans tier 1 through tier 3 because basic version control is foundational, but advanced controls (e.g. independent model validation) are appropriate for higher-stakes systems.
Common questions about model governance & operational controls
What is a model registry?
A central record of every AI model in production, capturing: a unique identifier and version; the training data reference; evaluation metrics at the time of approval; the approver and date; the system(s) using the model; and the retirement plan. It is the AI equivalent of a software bill of materials.
Do prompts need to be version-controlled?
Yes, for any LLM application where the prompt materially affects the output. Treat prompts as production code: store in version control, peer-review changes, evaluate against a regression test suite, and deploy through the same release process as other code.
What evaluation should models pass before deployment?
At minimum: accuracy against a held-out test set; performance across demographic subgroups (fairness); robustness to expected distribution shifts; safety / refusal behaviour for LLMs; and a sign-off review of training data lineage. The specific bar scales with the system's risk classification.
How often should production models be re-validated?
At minimum annually, and triggered by: training data refresh, model retraining, change in operating conditions, or detection of performance drift via monitoring. High-risk systems often run continuous shadow evaluation in production.
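The registry fields and the annual re-validation rule described above can be enforced as an automated release gate. The following is an added example, not part of the Veridio templates: the key names, the `developer` field, and the use of `approval_date` as the last validation date are assumptions.

```python
from datetime import date, timedelta

# Fields the page lists for a registry entry; the key names are assumptions.
REQUIRED_FIELDS = ("model_id", "version", "training_data_ref", "evaluation_metrics",
                   "approver", "approval_date", "consuming_systems", "retirement_plan")
MAX_VALIDATION_AGE = timedelta(days=365)  # "at minimum annually"


def release_gate(entry, today):
    """Return a list of findings; an empty list means the entry may be deployed."""
    findings = [f"missing field: {name}" for name in REQUIRED_FIELDS
                if entry.get(name) in (None, "", [], {})]
    if entry.get("approval_status") != "approved":
        findings.append("approval_status is not 'approved'")
    # Segregation of duties: the approver must not be the person who built the model.
    if entry.get("approver") and entry.get("approver") == entry.get("developer"):
        findings.append("approver is also the developer")
    # Assumption: each re-validation renews approval_date.
    approved_on = entry.get("approval_date")
    if approved_on and today - approved_on > MAX_VALIDATION_AGE:
        findings.append("last validation is older than 12 months")
    return findings


# Constructed sample entries, not real registry data.
GOOD = {
    "model_id": "credit-scoring", "version": "2.3.0",
    "training_data_ref": "dataset-snapshot-0001",
    "evaluation_metrics": {"accuracy": 0.91},
    "developer": "alice", "approver": "bob",
    "approval_date": date(2024, 3, 1), "approval_status": "approved",
    "consuming_systems": ["loan-api"],
    "retirement_plan": "review at next major version",
}
BAD = dict(GOOD, approver="alice", training_data_ref="",
           approval_date=date(2022, 1, 10))

if __name__ == "__main__":
    for name, entry in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, release_gate(entry, today=date(2024, 6, 1)) or "pass")
```

Run as a pipeline step before deployment, a non-empty result blocks the release and names the missing evidence.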
What templates support model governance?
The D5 bundle includes the Model Registry Template, Model Approval Form, Pre-Deployment Evaluation Checklist, Prompt Management Standard, and Model Retirement Procedure. They are available individually or bundled at templates.veridio.co.uk.