Agent Memory and Context Governance
Define policies governing what AI agents store in memory or persistent context, how long it is retained, who can access it, and under what conditions it is deleted.
Objective
Prevent agents from accumulating sensitive data across sessions without appropriate retention limits, access controls, and audit trails.
Maturity Levels
Initial
Agent memory is ungoverned; no policies exist for what is stored or how long.
Developing
Memory retention is addressed informally for some agents but no organization-wide policy exists.
Defined
A documented policy specifies retention limits, prohibited memory content, and deletion triggers for all agent types.
Managed
Memory contents are auditable; retention compliance is verified through periodic reviews.
Optimizing
Memory governance is enforced programmatically; policy violations trigger automated remediation.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- Memory governance policy document defining retention limits, permitted and prohibited content, and deletion triggers by memory type
- Periodic memory audit records confirming contents were reviewed for policy compliance
- Exception approval records for any retention period exceeding the default limit, with Privacy Officer sign-off
- Deletion confirmation records for memory purges triggered by user requests or TTL expiry
- Access logs showing which individuals accessed agent memory stores and for what purpose
Implementation Notes
Key steps
- Classify memory types: ephemeral (in-context, cleared after session), session (persists within a user session), and persistent (survives across sessions) — each requires different governance.
- Prohibit storage of PII, credentials, or regulated data in persistent agent memory unless explicitly required and approved.
- Set default retention limits and require a documented exception process for longer retention.
- For multi-agent architectures, define which agents can read other agents' memory and under what conditions.
Example Implementation
Customer success team deploying an AI agent with cross-session customer context
Agent Memory Policy — Customer Success Agent
| Memory Type | Retention Limit | Permitted Content | Prohibited Content | Deletion Trigger |
|---|---|---|---|---|
| Ephemeral (in-context) | Session end | Any task-relevant content | N/A — cleared automatically | Session close |
| Session | 24 hours | Issue summary, user preferences | PII beyond name/account ID, credentials | Session timeout |
| Persistent | 90 days | Account history summaries, escalation flags | Health data, financial details, passwords | User request or 90-day TTL |
Exception process: Persistent retention beyond 90 days requires written approval from Privacy Officer
Audit access: Memory contents accessible to AI Governance team; 48-hour notice required to agent owner except for incident investigation
Scope: Applies to all customer-facing agents with cross-session memory capability
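The policy table above, together with the key steps under Implementation Notes, expressed as enforcement code. This is an added example and not part of the original control text or any vendor's product: the GovernedMemoryStore class, its method names, the read_grants structure and the detection regexes are assumptions made for this illustration, and the regexes stand in for whatever DLP classifier a real deployment would call. The retention limits, prohibited content and deletion triggers come from the table; the store also keeps the access and deletion logs that the Evidence Requirements ask for.

```python
"""Added example (not from the page): enforcing the customer-success memory policy in code."""
import re
import time
import uuid
from collections import namedtuple
from typing import Callable, Dict, List, Optional, Set

# Retention limits from the policy table: no TTL for ephemeral (cleared at session close), 24h session, 90d persistent.
RETENTION_SECONDS = {"ephemeral": None, "session": 24 * 3600, "persistent": 90 * 24 * 3600}
# Prohibited-content detectors per memory type. Constructed for this example and deliberately crude;
# a real deployment would call a proper DLP classifier here instead of regexes.
_CREDENTIAL = re.compile(r"(?i)\b(password|passwd|api[_-]?key|secret|token)\b\s*[:=]\s*\S+")
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")  # PII beyond name/account ID
_CARD = re.compile(r"\b(?:\d[ -]?){13,16}\b")     # financial details
_HEALTH = re.compile(r"(?i)\b(diagnos\w*|prescription|medical record)\b")
PROHIBITED = {"ephemeral": {},                    # any task-relevant content is allowed
              "session": {"credential": _CREDENTIAL, "pii": _EMAIL},
              "persistent": {"credential": _CREDENTIAL, "pii": _EMAIL, "financial": _CARD, "health": _HEALTH}}
# subject_id is the customer/account the memory is about; expires_at is None for ephemeral memory.
MemoryRecord = namedtuple("MemoryRecord", "record_id memory_type owner_agent subject_id content expires_at")


class PolicyViolation(ValueError):
    """A write or read that would break the memory policy."""


class GovernedMemoryStore:
    """Store that enforces retention, prohibited content, cross-agent access and deletion."""

    def __init__(self, clock: Callable[[], float] = time.time, read_grants: Optional[Dict[str, Set[str]]] = None):
        self._clock = clock
        self._records: Dict[str, MemoryRecord] = {}
        self._read_grants = read_grants or {}  # agent -> owners whose memory it may read
        self.access_log: List[dict] = []       # who read what, and for what purpose
        self.deletion_log: List[dict] = []     # deletion confirmation records

    def write(self, agent: str, memory_type: str, subject_id: str, content: str) -> str:
        # An unknown memory type raises KeyError: nothing is stored outside the classified types.
        hits = [name for name, pat in PROHIBITED[memory_type].items() if pat.search(content)]
        if hits:  # automated remediation: refuse the write instead of cleaning up later
            raise PolicyViolation(f"{memory_type} memory may not hold: {', '.join(hits)}")
        ttl = RETENTION_SECONDS[memory_type]
        rec = MemoryRecord(uuid.uuid4().hex, memory_type, agent, subject_id, content,
                           None if ttl is None else self._clock() + ttl)
        self._records[rec.record_id] = rec
        return rec.record_id

    def read(self, agent: str, record_id: str, purpose: str) -> str:
        self.purge_expired()  # expired memory is never served
        rec = self._records[record_id]
        allowed = rec.owner_agent == agent or rec.owner_agent in self._read_grants.get(agent, set())
        self.access_log.append({"agent": agent, "record": record_id, "purpose": purpose,
                                "granted": allowed, "at": self._clock()})
        if not allowed:
            raise PolicyViolation(f"{agent} may not read {rec.owner_agent}'s memory")
        return rec.content

    def purge_expired(self) -> int:
        now = self._clock()
        return self._delete_where(lambda r: r.expires_at is not None and r.expires_at <= now, "ttl expiry")

    def delete_for_subject(self, subject_id: str) -> int:  # honour a user's deletion request
        return self._delete_where(lambda r: r.subject_id == subject_id, "user request")

    def end_session(self, agent: str) -> int:  # session close clears the agent's ephemeral memory
        return self._delete_where(lambda r: r.owner_agent == agent and r.memory_type == "ephemeral", "session close")

    def _delete_where(self, pred, reason: str) -> int:
        victims = [r for r in self._records.values() if pred(r)]
        for r in victims:
            del self._records[r.record_id]
            self.deletion_log.append({"record": r.record_id, "subject": r.subject_id, "reason": reason, "at": self._clock()})
        return len(victims)

    def __len__(self) -> int:
        return len(self._records)


def demo() -> dict:
    """Run the policy through a constructed scenario with a controllable clock."""
    now = [1_000_000.0]
    store = GovernedMemoryStore(clock=lambda: now[0], read_grants={"escalation-agent": {"cs-agent"}})
    out = {}
    rid = store.write("cs-agent", "persistent", "acct-42", "Escalated twice in Q1; prefers email updates.")
    try:  # credentials are refused in session memory
        store.write("cs-agent", "session", "acct-42", "user said password: hunter2")
        out["credential_blocked"] = False
    except PolicyViolation:
        out["credential_blocked"] = True
    store.read("escalation-agent", rid, purpose="escalation review")  # granted via read_grants
    try:  # an agent without a grant is refused, and the attempt is still logged
        store.read("billing-agent", rid, purpose="browsing")
        out["ungranted_read_blocked"] = False
    except PolicyViolation:
        out["ungranted_read_blocked"] = True
    out["access_log_entries"] = len(store.access_log)
    store.write("cs-agent", "ephemeral", "acct-42", "scratch: order ids 1, 2, 3")
    out["ephemeral_cleared"] = store.end_session("cs-agent")
    now[0] += 91 * 24 * 3600  # past the 90-day TTL
    out["expired_purged"] = store.purge_expired()
    out["remaining"] = len(store)
    out["deletion_reasons"] = sorted({d["reason"] for d in store.deletion_log})
    return out
```

demo() exercises each row of the table: a clean persistent summary is accepted, a credential is refused at write time (the "automated remediation" of the Optimizing level, applied before anything is stored), a cross-agent read succeeds only where a grant exists and is logged either way, ephemeral memory disappears at session close, and the persistent record is purged once the clock passes its 90-day TTL. The deletion log gives the deletion confirmation records, and the access log gives the who/what/why evidence an assessor would ask for.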
Control Details
- Control ID: AGT-003
- Domain: Agentic AI
- Typical owner: AI Governance Team / Privacy / CISO
- Implementation effort: Medium effort
- Agent-relevant: Yes
