SSM-Audit – Governance & Conformance (0D.4–0D.8)

0D.4 — Provenance (optional but recommended)
Tamper-evident, replayable stamps that do not change m. Add per-file (or per-row) stamps only if needed for your audit trail.

# Per-file stamp (ASCII, single line)
SSMCLOCK1|iso_utc|rasi_idx|theta_deg|sha256(file)|chain

# Chain bootstrap and step
chain_0 := "0"*64
chain_k := sha256( ascii(chain_{k-1} + "|" + stamp_core_k) )

# Daily anchor (for all stamps that day)
rollup_D := sha256( ascii(Stamp_1 "|" ... "|" Stamp_n) )

# Constraints / notes
# - iso_utc := "YYYY-MM-DDTHH:MM:SSZ" (no leap-second :60)
# - Unknown extension keys (e.g., kv:...) may be ignored by verifiers
# - Stamps are advisory evidence and never alter m

0D.5 — CI wiring (lightweight, always on)

  • Daily: run C1–C3, C7, C11 on fresh CSVs; emit a 1-page status with counts and any WARN/FAIL.
  • Weekly: add C4–C6 (batch vs stream vs shuffled), C8 (knobs diff), and if enabled C9–C10 (chain/anchor).
  • Quarterly: independent spot-audit: rerun a historical window from raw inputs to confirm determinism and manifest discipline.

0D.6 — Go/No-Go for scaling beyond pilot
Go when the last 10 business days show:

  • phi((m,a)) = m everywhere (C2 PASS).
  • No FAILs on C4–C7.
  • Fewer alert flickers after bands (C12 PASS).
  • At least two concrete “caught-early” cases validated by owners.
  • Provenance intact, if enabled (C9–C10 PASS).
    No-Go if any FAIL persists >2 business days or if stability bands contradict ground truth without explanation.

0D.7 — Evidence pack (kept for each pilot and release)

  • Manifest: version, build_id, knobs, policies, mappings.
  • Pilot CSVs: with a, band, knobs_hash, build_id, stamp (if enabled).
  • Conformance report: C1–C12 outcomes with reasons.
  • Executive brief: 1–2 pages with band movements, early warnings, decisions taken.
  • Acceptance note: date, owners, exceptions, and resolution.

0D.8 — Responsible use and limits

  • Advisory first. Use bands to guide attention; keep controls unchanged until a formal safety case is documented.
  • Declared scope. Stability reflects the declared mapping only (for example, coverage, agreement, residual).
  • Separation of duties. Prefer different teams for declaring mappings{...} and signing executive conclusions.

Navigation
Previous: SSM-Audit – Governance & Conformance (0D.1–0D.3)
Next: SSM-Audit – Finance Defaults & Worked Examples (0E.1–0E.3)

Directory of Pages
SSM-Audit – Table of Contents

Frequently asked questions
SSM-Audit – Q & A