Workflow Fundamentals

Workflows in Trustible provide a structured, repeatable process to ensure every AI use case is properly reviewed, assessed, and approved before moving forward. Most customers start with our standard pre-built workflows: Intake, Risk, and Impact. Enterprise customers can also customize workflows to fit their organization’s processes.

Each workflow includes tasks, documentation, assessments, and reviews that can help your team:

• Meet compliance requirements
• Measure benefits
• Mitigate risks
• Align with governance policies

Intake Workflow

The main goal of the Intake Workflow is to captures and categorize new AI initiatives. The intake workflow is the first step for cross-functional stakeholders to engage with the AI Governance program. Typically, the first two tasks are assigned to the project lead / business owner and they are asked to provide basic information about the use case ranging from project phase to preferred model and vendor, and expectations for internal and external use.

The basic information is then used to automatically assign an initial risk level, which can be used by reviewers to determine next steps.

Considerations for Defining Conditional Logic for Vendors and Models

You can include a Vendor question in the Intake Form to capture whether a third party is involved and to guide what happens next. A common approach is to create a vendor-related question and attach Attributes to each response so the right Optional Task Group (for example, “Create Vendor Profile” and/or “Complete Vendor Risk Assessment”) is activated only when it’s relevant.

• Use intake to guide vendor steps: Add a Vendor question to the Intake Form and attach Attributes to each response so the right optional tasks activate only when relevant (e.g., “Create Vendor Profile” / “Complete Vendor Risk Assessment”).
• If the vendor is known: The intake response can activate vendor tasks and assign them to the Contributor. Admins can adjust required fields if the Contributor won’t have full details yet.
• If the vendor is unknown: The Contributor indicates this on the intake, and vendor tasks don’t activate. The admin team can decide whether a Vendor Profile is needed, who completes it, or link an existing Vendor Profile from inventory (especially with an approved vendor list).
• If vendor risk is use-case-specific: Some teams create a new vendor profile per use case, since risk may vary based on how the vendor is used. Documentation depth can be lightweight or comprehensive.

Ultimately, whether Contributors create Vendor Profiles or Model Cards and how much documentation you require depends on your governance program. Trustible supports conditional and optional tasks so you can tailor the workflow depth to match your internal policies and risk tolerance.

Bottom line: Vendor/Profile and documentation requirements are configurable; Trustible supports conditional/optional tasks to match your governance program.

<aside> 💡

Pro Tip

We recommend using the Next Steps Recommendations task to see:
◦ Frameworks that may apply (e.g., EU AI Act)
◦ Suggested follow-on workflows (e.g., Impact Assessment for high-risk, automated decision systems)

</aside>

Recommended workflows on the use case record are determined based on risk level and vertical.

Risk Assessment Workflow

The Risk Assessment Workflow supports additional documentation for non-low risk use cases, when a deeper dive is required. The workflow will ask the submitter to provide additional information on topics such as Data and System and User Interaction Documentation as well require the reviewer to confirm the initial submission of documentation combine with the new information to re-assess the risk and benefits.