The Disposition Protocol

One named person, identified by name and role in the authorization record before the system goes live, who is formally required to receive every accuracy signal and owns the decision about what happens next. Not a team. Not a shared inbox. One person. When the monitoring fires, this person receives it and is formally obligated to act.

The Accuracy Owner is distinct from the Consequence Owner, who holds overall accountability for the agent's behavior. An organization can have a named Consequence Owner and still have nobody whose specific formal responsibility is the accuracy signal. The Accuracy Owner closes that specific gap.

A specific number, written before deployment, at which the Accuracy Owner is no longer managing a concern and is formally required to initiate a review. Not a feeling. Not when we are worried. A number.

The threshold is an accuracy rate, a sensitivity rate, a reversal rate, or an error rate, depending on the system. It is chosen before deployment through the same governance process that authorizes the system. An organization that has monitoring but no threshold has a dashboard that produces information. It does not have a governance trigger.

One named person, different from the Accuracy Owner, who holds the formal authority to pause the system while a triggered review runs. Named before deployment. If identifying the person who can pause a production system currently requires a committee meeting, the problem is not the alert threshold. The suspension authority was never designed.

The Suspension Authority exists so the pause decision can be made while the review is live, before the organization has converted a signal into another unresolved meeting note.

Before the system resumes after a triggered review, specific things must be demonstrated and documented. What those things are is decided before deployment, not assembled under business pressure while the system is idle and the case for resuming grows louder by the hour.

The re-authorization standard defines what the Accuracy Owner and Suspension Authority must be able to show before the system is restarted: evidence that the root cause has been identified, evidence that the root cause has been addressed, evidence that the fix has been validated, and a documented decision by the Suspension Authority that the system is cleared to resume.

When a trigger threshold is crossed and a formal review begins, specific people are notified within a specific timeframe. The legal team. The board risk committee. The regulatory contact. Whoever the organization has determined has a right to know. The notification is not a retrospective disclosure assembled after the incident closes. It is a required communication with a documented timestamp that starts when the threshold is crossed.

The clock prevents the organization from treating notice as a cleanup task after the facts are settled. The obligation begins when the threshold is crossed, because that is the moment the governance process begins.

Once a threshold is crossed and a formal review begins, a decision must be reached and documented within a defined window. The decision is one of three: hold, resume, or escalate. Not a committee meeting scheduled for next Thursday. A named deadline, logged at the moment the threshold is crossed.

The Decision Window exists because a triggered review without a deadline is not a governance process. It is a governance conversation. The difference is that one produces a documented decision within a defined timeframe. The other produces a Thursday agenda item.