Governance & Trust

Governance your risk committee can verify.

Tovel is built to be evidenced, not asserted. This page sets out how governance works, which frameworks we score against, and just as important, what we do not claim.

Adoption × governance maturity

Know where you sit, and what good looks like.

Two axes every board and insurer now asks about: how far you have adopted agents (AT0–AT8), and how mature the governance around them is (L0–L4). Tovel scores your position from live signals and exports it board-ready.

Adoption × governance heatmap
Well-governedAdequateExposedCritical
Where most enterprises land
AT7 · L2, Exposed
Multi-agent adoption on policy-and-HITL governance: aggressive deployment, oversight not yet continuous.
The move Tovel makes
→ L3, then L4
Continuous oversight first (telemetry, plan-divergence, evidence), then adaptive control, out of the exposed band.
Framework packs · shipped

Seven frameworks. Scored against live posture.

These are the frameworks Tovel evaluates your enclaves against today. Each pack maps controls to live posture, not a logo on a page.

OWASP LLM Top 10
LLM01–LLM10 · 2025
The application-layer risks for LLM systems: prompt injection, sensitive-information disclosure, supply chain, excessive agency.
OWASP Agentic (ASI01–10)
Agentic Security Initiative
Agent-specific threats: goal hijack, tool misuse, identity abuse, memory poisoning, cascading failures, rogue agents.
NIST AI RMF
AI 100-1
Govern / Map / Measure / Manage: the risk-management spine most enterprise AI programmes are structured around.
ISO/IEC 42001
AI management system
The certifiable backbone for an accountable AI programme.
MITRE ATLAS
Adversarial ML tactics
Adversary tactics and techniques against ML systems, mapped to the enclave's threat surface.
EU AI Act
Risk-tiered obligations
Obligations by risk tier, relevant to any AU enterprise operating into or from the EU.
AU AI Safety
Australia · voluntary safety standard
Alignment to Australia's AI safety guidance. Tovel scores AU AI Safety; it does not claim CPS 234 as a covered pack.
The controls behind the score

How the harness earns the posture.

Rule-of-Two gating

No single action holds private data, untrusted content and external communications at once without a human in the loop, or an outright block.

Agent identity control plane

Cryptographic identity per agent, with least-privilege, role-scoped access owned by a named human. Trust tiers scope what each agent may reach.

Signed evidence locker

An append-only, hash-chained record of every guardrail verdict, approval, tool call and verifier check, exportable for board, auditor or insurer.

AU data residency

Data and inference stay in Australia on AWS Bedrock and AgentCore. No inference leaves the region.

Bring your own architecture. We'll score it live.

A 30-minute governance walkthrough: your maturity position, the packs that matter to you, and the evidence a board can read.