AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

Agentic AI
AGT · Agentic AIAGT-016Medium effortAgent-relevant

Agentic AI Deployment Readiness Assessment

Require a structured pre-deployment readiness assessment for tool-enabled AI agents, verifying that key governance controls are in place and that the agent's impact on connected systems has been evaluated before go-live.

Objective

Prevent premature deployment of agentic AI systems by establishing a governance gate that verifies control maturity, documents deployment impact, and obtains cross-functional sign-off before an agent is permitted to operate in production.

Maturity Levels

1

Initial

Agentic AI systems are deployed without a structured readiness process. Go/no-go decisions are made informally by the engineering or product team.

2

Developing

Some pre-deployment checklist exists but it is not specific to agentic systems. Coverage of tool access, permission scope, and impact on connected systems is absent or inconsistent.

3

Defined

A formal agentic AI deployment readiness assessment is required before any tool-enabled agent reaches production. The assessment covers control maturity (permissions, kill switch, audit logging), impact on connected systems, and escalation procedures. Sign-off from the AI governance function is required.

4

Managed

Assessment results are recorded and retained. A deployment register tracks all agentic systems in production with their readiness assessment date and outstanding remediation items. Re-assessment is triggered when an agent's tool access or autonomy scope changes materially.

5

Optimizing

Readiness assessments are automated in part: control checks that can be verified programmatically (e.g., kill switch wired, audit logging active) are checked automatically. Human review focuses on judgment-dependent items. Assessment results feed into the enterprise AI risk register.

Evidence Requirements

What an auditor or assessor would expect to see for this control.

  • Completed agentic AI deployment readiness assessment for each tool-enabled agent in production, including permission scope documentation, control completeness checklist, and impact assessment.
  • Sign-off records from technical owner, security/data function, and AI governance function.
  • Agentic AI deployment register showing all production agents, assessment dates, and any outstanding remediation items.

Implementation Notes

Distinction from model deployment gates

This control is distinct from model-performance-based deployment gates (which evaluate accuracy, drift, and bias metrics). Agentic deployment readiness focuses on governance and operational controls: does the agent have a kill switch? Are its permissions appropriately scoped? Has the blast radius of a malfunction been documented?

Key assessment domains

Permission and scope verification

  • Agent permissions are scoped to the minimum required for the defined task. No open-ended tool access.
  • Permission scope is documented and approved by a named owner.
  • Any elevated permissions (write access, cross-system access, identity assumption) have an explicit justification.

Control completeness

  • Kill switch or emergency halt is wired and tested.
  • Audit logging is active and outputs are being collected.
  • Human approval gates are defined for irreversible or high-consequence actions.
  • Agent identity is registered in the NHI management system.

Impact assessment

  • Systems the agent can read from, write to, or call are documented.
  • Maximum blast radius of a malfunction or misuse is estimated: what data could be corrupted or exfiltrated? What services could be disrupted?
  • Rollback or recovery procedure is documented.

Stakeholder readiness

  • Operations team responsible for monitoring the agent post-deployment is identified and briefed.
  • Escalation procedure for agent-related incidents is defined.
  • Users or counterparties affected by agent actions are aware the agent exists (where disclosure is appropriate).

Gating and sign-off

The assessment should require sign-off from: (1) the technical owner verifying control completeness, (2) the data or security function verifying impact assessment, and (3) the AI governance function verifying overall readiness. For high-risk agents, board-committee review under AGT-023 may also be required.

What makes an agent 'high-risk' for this control

Triggers for elevated review: agents with write access to production databases, agents acting on behalf of users without per-action confirmation, agents with cross-system tool access, agents handling regulated data, and agents operating in environments with limited reversibility.

Example Implementation

Agentic AI Deployment Readiness Assessment (template excerpt)

Agent: Customer Refund Processing Agent | Version: 1.2 | Assessment date: 2026-06-01

1. Permission and scope verification

CheckStatusNotes
Tool access list documentedPassCRM read, Payments API write (refund endpoint only), Audit log write
Permissions scoped to minimum requiredPassPayment write scope limited to refunds ≤$500; amounts above require human approval
Elevated permissions justifiedPassPayment write approved by Head of Payments and CISO on 2026-05-28
No open-ended or wildcard tool accessPass

2. Control completeness

CheckStatusNotes
Kill switch wired and testedPassTested 2026-05-30; halt confirmed within 8 seconds
Audit logging activePassAll tool calls logged to agent-audit stream
Human approval gate for irreversible actionsPassRefunds >$500 route to human queue; cancellations always require confirmation
NHI identity registeredPassNHI ID: SVC-REFUND-AGENT-001

3. Impact assessment

  • Systems affected: CRM (read), Payments API (write — refund endpoint), Audit log (write)
  • Maximum blast radius: Erroneous refunds up to $500 per transaction. Agent rate-limited to 50 transactions/hour. Maximum exposure per hour: $25,000. Rate limit alert at 40 transactions/hour.
  • Rollback procedure: Payments team can reverse agent-initiated refunds within 24 hours via Payments API reversal endpoint. Procedure documented in runbook P-027.

4. Sign-off

RoleNameDateStatus
Technical ownerJ. Reyes2026-06-01Approved
Security functionT. Okafor2026-06-01Approved
AI governanceC. Müller2026-06-02Approved — cleared for production

Control Details

Control ID
AGT-016
Typical owner
Chief AI Officer / CISO / AI Governance Committee
Implementation effort
Medium effort
Agent-relevant
Yes

Tags

deployment readinessagentic AIpre-deployment reviewgovernance gateimpact assessment

Mapped Regulations

NIST AI 600-1 Generative AI ProfileISO/IEC 42001:2023 – Information Technology – Artificial Intelligence – Management System

Related Controls

AGT-007Agent Scope and Task BoundariesAGT-001Agent Permission BoundariesAGT-005Human Approval Gate for Irreversible Agent ActionsAGT-012Agent Kill Switch and Emergency StopAGT-009Agent and Non-Human Identity Management

Related Playbook

How do we document AI decision-making for auditability?Who owns AI governance within the organization?How do we build an AI governance program from scratch?What do we do when an AI system causes harm or fails?How do we govern AI models from preview release through retirement?Is our AI red-teaming rigorous enough?How do we govern our AI supply chain and manage upstream model dependencies?How do we inventory and classify AI systems by risk level?How do we report AI risk to the board and audit committee?Do we have a complete AI inventory?How do we govern AI agents that take autonomous actions?What does meaningful human oversight look like for high-risk AI decisions?How do we manage third-party AI vendors safely throughout the vendor lifecycle?What is our process for model drift monitoring?How do we build and maintain a multi-framework AI risk register?How do we engage regulators and standards bodies proactively on AI governance?