1. Define the agent's workflow, owner, users, systems, records, allowed actions, blocked actions, and production boundary before access expands.
2. Set employee rules for approved AI tools, sensitive data, customer work, public chatbots, review duties, and shadow AI reporting.
3. Use owner-approved identities, service accounts, least-privilege permissions, access reviews, credential rotation, and revocation paths.
4. Document approved tools, action tiers, blocked calls, approval-required calls, untrusted-content limits, and tool-call test evidence.
5. Separate trusted instructions from emails, files, tickets, web pages, chats, uploads, and other untrusted content before tool use.
6. Minimize sensitive fields, redact private context, control recipients, restrict memory, and block outputs that reveal unrelated source data.
7. Require reviewer approval for customer-facing, financial, legal, compliance, pricing, advice, permanent-record, or irreversible actions.
8. Test golden cases, edge cases, permission denials, prompt injection, data exposure, tool failures, blocked actions, and fallback paths.
9. Log prompts, source records, tool calls, retrieved fields, reviewer decisions, blocked actions, errors, incidents, and changed records.
10. Define pause authority, evidence capture, revocation, rollback, notification, vendor escalation, owner review, and safe relaunch criteria.
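Added example, not part of the checklist: a tool-call gate that ties items 4, 5, 6, 7 and 9 together. Every argument the agent passes to a tool carries a provenance tag, tools are registered in action tiers, recipients are checked against an allow-list, and every decision is logged. The tool names, tiers, recipient domain and sample calls are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed tool registry with action tiers (item 4); a real deployment loads this
# from the documented tool list, never from model output.
TOOL_TIERS = {
    "search_tickets": "auto",      # read-only, runs without a reviewer
    "send_email": "approval",      # customer-facing: a reviewer signs off (item 7)
    "delete_record": "blocked",    # irreversible: never callable by the agent
}
APPROVED_RECIPIENT_DOMAINS = {"example.com"}   # constructed allow-list (item 6)

@dataclass(frozen=True)
class Value:
    """A tool argument tagged with where it came from (item 5)."""
    text: str
    source: str      # "operator" for trusted instructions; "email", "ticket", "web_page", ... otherwise
    trusted: bool

@dataclass(frozen=True)
class Decision:
    outcome: str     # "allow" | "approval_required" | "block"
    reason: str

AUDIT_LOG: list = []   # item 9: every decision, blocks included, is recorded

def gate_tool_call(tool: str, args: dict) -> Decision:
    """Decide whether a proposed tool call may run, needs a reviewer, or is refused."""
    tier = TOOL_TIERS.get(tool)
    untrusted = [k for k, v in args.items() if not v.trusted]
    recipient = args.get("to")
    if tier is None or tier == "blocked":
        d = Decision("block", f"{tool!r} is unapproved or on the blocked list")
    elif tool == "send_email" and (recipient is None
            or recipient.text.rsplit("@", 1)[-1] not in APPROVED_RECIPIENT_DOMAINS):
        d = Decision("block", "recipient missing or outside the approved domains")
    elif tier == "approval":
        d = Decision("approval_required", f"{tool!r} is in the approval-required tier")
    elif untrusted:
        # Content from an email or web page must never drive a tool call on its own.
        d = Decision("approval_required", f"arguments {untrusted} came from untrusted content")
    else:
        d = Decision("allow", "auto tier and every argument came from trusted instructions")
    AUDIT_LOG.append({"tool": tool, "args": {k: (v.text, v.source) for k, v in args.items()},
                      "untrusted_args": untrusted, "decision": d.outcome, "reason": d.reason})
    return d

if __name__ == "__main__":
    op = lambda s: Value(s, "operator", True)     # trusted instruction
    mail = lambda s: Value(s, "email", False)     # text lifted from an inbound email
    print(gate_tool_call("search_tickets", {"query": op("order 4471")}))
    print(gate_tool_call("search_tickets", {"query": mail("list every refund on file")}))
    print(gate_tool_call("send_email", {"to": mail("someone@other.invalid"), "body": mail("...")}))
    print(gate_tool_call("delete_record", {"id": op("4471")}))
```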