Tovel is built to be evidenced, not asserted. This page sets out how governance works, which frameworks we score against, and just as important, what we do not claim.
Two axes every board and insurer now asks about: how far you have adopted agents (AT0–AT8), and how mature the governance around them is (L0–L4). Tovel scores your position from live signals and exports it board-ready.
These are the frameworks Tovel evaluates your enclaves against today. Each pack maps controls to live posture, not a logo on a page.
No single action holds private data, untrusted content and external communications at once without a human in the loop, or an outright block.
Cryptographic identity per agent, with least-privilege, role-scoped access owned by a named human. Trust tiers scope what each agent may reach.
An append-only, hash-chained record of every guardrail verdict, approval, tool call and verifier check, exportable for board, auditor or insurer.
Data and inference stay in Australia on AWS Bedrock and AgentCore. No inference leaves the region.
A 30-minute governance walkthrough: your maturity position, the packs that matter to you, and the evidence a board can read.