8 decisions every enterprise must make before deploying AI agents at scale.

A practical governance framework for CIOs, CISOs, and AI steering committees. The questions come from real enterprise conversations; the frameworks are what works.

Published by Natoma · Updated April 2026 · ~12-min read

The framework

Eight decisions. Not optional, not sequential.

They get answered deliberately, or they get answered by default. Inventory enables the registry. The registry informs identity. Identity powers authorization. Authorization generates the audit trail. The audit trail feeds incident response.

Decision 01

Agent Inventory

What is running in your environment?

You cannot govern what you cannot see. MCP servers live in local config files, do not generate network signatures, and never reach an IT inventory without deliberate discovery.

Decision 02

Approved Registry

What is sanctioned versus shadow?

Tier every connection by data sensitivity. If governed takes three weeks and shadow takes five minutes, shadow wins.

Decision 03

Identity Model

How are agents authenticated?

Short-lived, scoped, on-behalf-of credentials, not static keys in config files. Autonomous agents get non-human identities, authorized more restrictively than human-delegated ones.

Decision 04

Authorization Model

Who can access what, with which tools, under what conditions?

Authorization operates at the tool-call level. This specific operation, these parameters, this user, right now. Not blanket MCP-server access.

Decision 05

Audit Trail

Can you explain every action an agent took?

Capture timestamp, user, client, agent, server, tool, parameters, result, policy evaluation, and duration. Allowed, blocked, and attempted actions all count.

Decision 06

Data Policy

What data can flow through the AI layer?

Once data enters a prompt, it flows through the LLM context window, may get logged or cached, and can influence other responses. Access controls alone are not enough.

Decision 07

Lifecycle Management

Who owns each agent, and when is it retired?

Every agent needs a named owner, not a team. Orphans are the leading source of governance gaps. Review permissions the same way you review human access.

Decision 08

Incident Response

What happens when something goes wrong?

Bulk queries at 3am that are technically allowed. Prompt injection. Autonomous actions while the user is offline. Your existing IR playbook does not cover these patterns.
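
Decisions 04 and 05 taken together, as an added example that is not Natoma's code: a tool-call-level policy check that writes one audit record per call, whether allowed, blocked, or attempted and failed. The policy table, the `sales` role, the `crm-mcp` server and the `query_accounts` tool are constructed for illustration.

```python
import json
import time
from datetime import datetime, timezone

# Constructed policy: rules are keyed per (server, tool), not per MCP server.
POLICY = {
    ("crm-mcp", "query_accounts"): {"roles": {"sales"}, "max_rows": 100, "hours": range(7, 20)},
}
AUDIT_LOG = []  # stand-in for an append-only audit sink

def evaluate(user, server, tool, params, now):
    """Decide one tool call: this operation, these parameters, this user, right now."""
    rule = POLICY.get((server, tool))
    if rule is None:
        return "deny", "tool not in registry"
    if not rule["roles"] & set(user["roles"]):
        return "deny", "role not permitted for tool"
    if params.get("limit", float("inf")) > rule["max_rows"]:
        return "deny", "row limit missing or above policy"
    if now.hour not in rule["hours"]:
        return "deny", "outside permitted hours"
    return "allow", "matched rule"

def call_tool(user, client, agent, server, tool, params, handler, now=None):
    """Authorize, execute and audit one tool call; returns the audit record."""
    now = now or datetime.now(timezone.utc)
    start = time.monotonic()
    decision, reason = evaluate(user, server, tool, params, now)
    result = "blocked"
    if decision == "allow":
        try:
            handler(**params)
            result = "success"
        except Exception as exc:  # attempted but failed still gets a record
            result = f"error: {type(exc).__name__}"
    record = {
        "timestamp": now.isoformat(), "user": user["id"], "client": client,
        "agent": agent, "server": server, "tool": tool, "parameters": params,
        "result": result,
        "policy_evaluation": {"decision": decision, "reason": reason},
        "duration_ms": round((time.monotonic() - start) * 1000, 3),
    }
    AUDIT_LOG.append(json.dumps(record))  # blocked calls are logged too
    return record
```

Parameters are logged verbatim here; under Decision 06 a real sink would need to redact sensitive values before writing them.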

Abstract

Your engineers are already connecting AI agents to enterprise systems. Claude Code queries production databases. ChatGPT pulls CRM data. Cursor touches cloud infrastructure. Copilot Studio builds agents that reach ServiceNow, SAP, and Workday. The productivity is real. So is the risk.

Agents inherit user access, act without real-time oversight, and live in config files that never reach an IT inventory. One misconfigured connection becomes a data incident. One unvetted server becomes a compliance failure. One autonomous action becomes an audit finding you cannot explain. This framework is the eight decisions every AI steering committee must make before adoption reaches critical mass.

Who it's for

  • CIOs and Chief AI Officers mandated to deliver ROI on AI spend without losing control.
  • CISOs and enterprise security architects evaluating agent and MCP governance.
  • AI steering committees setting standards before adoption reaches critical mass.
  • IT governance and enterprise architecture leads who refuse to repeat the cloud democratization mistake.

What's inside

  • Eight decision areas with the core question, the frameworks that work, and the common mistakes that quietly break governance.
  • Technical enforcement patterns for identity, authorization, and audit. Not policy documents, infrastructure.
  • A maturity path from week-one visibility to month-four governance.
  • Language that lines up with how CIOs, CISOs, and enterprise architects actually describe this problem.

Have a governance question?

Book a demo. No pitch. We will walk this framework against your environment and share what we have seen across financial services, healthcare, manufacturing, and technology.
