Customer-facing support chatbot
RAG-based FAQ assistant on the customer portal. Hands off to a human agent when intent confidence drops.
System card
- Owner
- Director, CS Ops
- Business unit
- Customer Success
- Model
- OpenAI · gpt-4.1
- Vendor type
- 3rd-party API
- Approved
- AI Review Board (provisional) on 2026-01-15
- Data inputs
- help-center articles, customer message, account metadata
Trustworthy AI characteristics
Per NIST AI RMF §1.2.5 — 0=not addressed, 5=monitored
Risk inputs
Tier formula: impact × likelihood × (6 − reversibility). ≥ 50 → Tier 1, ≥ 18 → Tier 2, else Tier 3.
- Impact: severity if the system fails or is misused (1=trivial, 5=existential).
- Likelihood: probability of exposure given current usage cadence.
- Reversibility: ease of unwinding a bad output (5=fully reversible, 1=irreversible).
Required controls — 10 for Tier 2 (medium)
Tier-aware control bundle from NIST AI RMF, mapped to ISO 42001 clauses
- AI-GV-1.1 (GOVERN): AI policy approved by senior leadership
A written AI use policy approved at the C-suite or board level, reviewed annually.
ISO 42001: 5.2, 5.3
- AI-GV-1.2 (GOVERN): AI risk owner assigned per use case
Each registered use case has a named owner accountable for its risk posture.
ISO 42001: 5.3
- AI-GV-2.1 (GOVERN): AI training delivered to operators and stewards
Personnel with AI responsibilities have completed role-appropriate training in the last 12 months.
ISO 42001: 7.2, 7.3
- AI-MP-1.1 (MAP): Use-case registered with intended purpose and stakeholders
Registry entry includes purpose, business owner, affected stakeholder groups, and data inputs.
ISO 42001: 6.1.2, 8.2
- AI-MP-2.1 (MAP): Impact assessment documented
Documented assessment of impact on individuals, groups, and the organization, including foreseeable misuse.
ISO 42001: 6.1.4
- AI-MP-3.1 (MAP): Data lineage and provenance recorded
Source datasets, licensing, collection method, and known biases of training/grounding data are documented.
ISO 42001: 7.5, 8.1
- AI-MS-1.1 (MEASURE): Validity and reliability metrics defined and tracked
Documented accuracy / quality metrics with thresholds, monitored on a published cadence.
ISO 42001: 9.1
- AI-MS-4.1 (MEASURE): Privacy and data-protection review completed
DPIA or equivalent privacy review covering training data and prompts; signed off by privacy lead.
ISO 42001: 6.1.4, 8.2
- AI-MG-2.1 (MANAGE): Production monitoring and drift detection
Operational telemetry on input distribution, output rates, and quality metrics with alert thresholds.
ISO 42001: 9.1
- AI-MG-3.1 (MANAGE): Incident response runbook for AI failures
Documented procedure for hallucination, bias, leak, or downtime incidents; rehearsed annually.
ISO 42001: 10.2
Per-characteristic detail
Trustworthy AI rubric scored 0-5 per axis
- Valid & Reliable: 3 / 5
Accurate against ground truth and reliable across the operating envelope.
- Safe: 4 / 5
Will not endanger life, health, property, or environment under foreseeable use.
- Secure & Resilient: 3 / 5
Resists adversarial inputs and model extraction, and degrades gracefully.
- Accountable & Transparent: 3 / 5
Clear ownership; decisions can be reviewed and contested.
- Explainable & Interpretable: 2 / 5
Affected parties can understand how a decision was reached.
- Privacy-Enhanced: 3 / 5
Personal data minimized, protected, and processed lawfully.
- Fair (bias managed): 3 / 5
Disparate impact tested and mitigated across protected groups.
Incidents on this use case (1)
AI failures with root cause and mitigation
- INC-2026-001 (medium) Hallucination ✓ resolved 1/22/2026
Bot quoted a 60-day refund window; actual policy is 30. One customer issued a chargeback citing the bot transcript.
Root cause: Outdated FAQ document indexed in RAG store; document had been replaced but not removed.
Mitigation: Index rebuild script added to weekly cron; doc-versioning enforced. Refund-policy intent now routes to human.
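The root cause and mitigation above map onto a small, concrete mechanism: every indexed chunk carries the article's version, a rebuild drops superseded versions, a stale-entry audit detects the incident condition before a customer does, and the refund-policy intent hands off to a human. The block below is an added illustration written for this page, not the portal's or the vendor's code; the article texts are constructed sample data, token-overlap retrieval stands in for the real embedding search, and the `HUMAN_ONLY_DOCS` set and all function names are assumptions.

```python
"""Versioned RAG document store (added illustration, not the portal's code).

Reproduces the incident's root cause: a republished help-center article was
indexed alongside its predecessor, so retrieval could still surface the old
60-day refund window. Versioning plus a rebuild closes that gap, and an audit
reports any superseded chunk that is still retrievable.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Article:
    doc_id: str   # stable identifier of the help-center article
    version: int  # increments each time the article is republished
    text: str


# Constructed sample corpus: the refund article was republished with a shorter window.
SAMPLE_ARTICLES = [
    Article("refund-policy", 1, "Customers may request a refund within 60 days of purchase."),
    Article("refund-policy", 2, "Customers may request a refund within 30 days of purchase."),
    Article("password-reset", 1, "Reset your password from the account settings page."),
]

# Hypothetical list of intents the mitigation routes to a human agent instead of the bot.
HUMAN_ONLY_DOCS = {"refund-policy"}


def tokens(s):
    return set(re.findall(r"[a-z0-9]+", s.lower()))


class VersionedIndex:
    def __init__(self):
        self.current = {}   # doc_id -> latest published version
        self.entries = {}   # (doc_id, version) -> Article, i.e. what retrieval can see

    def index(self, art):
        """Add a chunk. Older versions are NOT evicted here: that is the gap the incident exposed."""
        self.entries[(art.doc_id, art.version)] = art
        if art.version > self.current.get(art.doc_id, 0):
            self.current[art.doc_id] = art.version

    def stale_entries(self):
        """Audit: every indexed chunk whose version is not the document's current one."""
        return sorted(k for k in self.entries if k[1] != self.current[k[0]])

    def rebuild(self):
        """Weekly rebuild: keep only current versions; returns the number of chunks dropped."""
        before = len(self.entries)
        self.entries = {k: a for k, a in self.entries.items() if k[1] == self.current[k[0]]}
        return before - len(self.entries)

    def retrieve(self, query, k=3, current_only=True):
        """Toy lexical retrieval ranked by token overlap with the query.

        current_only=False reproduces the pre-fix behaviour, where superseded
        text is still retrievable and can be quoted to a customer.
        """
        q = tokens(query)
        cands = [a for (d, v), a in self.entries.items()
                 if not current_only or v == self.current[d]]
        scored = [(len(q & tokens(a.text)), a.version, a) for a in cands]
        scored.sort(key=lambda t: (t[0], t[1]), reverse=True)
        return [(a.doc_id, a.version) for s, _, a in scored[:k] if s > 0]


def route(index, query):
    """Hand off when the best-matching article is on the human-only list."""
    hits = index.retrieve(query, k=1)
    if hits and hits[0][0] in HUMAN_ONLY_DOCS:
        return "human"
    return "bot"


def build_sample_index():
    idx = VersionedIndex()
    for a in SAMPLE_ARTICLES:
        idx.index(a)
    return idx


if __name__ == "__main__":
    idx = build_sample_index()
    print("stale before rebuild:", idx.stale_entries())
    print("pre-fix retrieval:", idx.retrieve("how many days for a refund", current_only=False))
    print("chunks dropped by rebuild:", idx.rebuild())
    print("post-fix retrieval:", idx.retrieve("how many days for a refund"))
    print("routing:", route(idx, "how many days for a refund"))
```

Run as a script it shows the stale v1 chunk being retrievable before the rebuild and gone after it. The `stale_entries()` audit is the part worth wiring into the AI-MG-2.1 monitoring: a non-empty result between rebuilds is exactly the condition that produced INC-2026-001.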