AI Risk and Accountability Assessment
A structured assessment of COMPAiSS against recognized AI accountability frameworks for institutional procurement and regulatory review.
System Identification
Core identifying information for procurement and regulatory review.
System Name
COMPAiSS - Compliance-Oriented Multi-Platform AI Institutional Scope System
System Type
Execution-gated institutional AI information system. Not a general-purpose AI. Not a decision-making system.
Developer and Accountable Party
Frank Harvey, Professor of Political Science and Senior Advisor, Dalhousie University. COMPAiSS Inc. holds the intellectual property and patent applications.
Patent Status
Canadian patent application CIPO 3,299,174 and US patent application USPTO 19/455,963 - both under examination, describing the pre-inference execution gate mechanism.
Deployment Status
Active beta pilots across five Canadian institutional environments, including research-intensive universities and a federal public service context. Two additional pilots under institutional review.
AI Engine
OpenAI inference API - standard API without fine-tuning. No institutional data enters any training pipeline at any stage.
This assessment covers the COMPAiSS platform architecture and governance framework as deployed across regulated institutional environments. Institution-specific deployment configurations - including authorized source lists, scope boundaries, and crisis response protocols - are documented separately for each institutional deployment and are available on request.
Risk Classification
Assessment against Canada's Directive on Automated Decision-Making and equivalent institutional AI governance frameworks.
Level I - Little to No Impact under Canada's Directive on Automated Decision-Making. COMPAiSS scores at the lowest risk level on every relevant assessment dimension. This classification applies to all current institutional deployments.
The Level I classification is supported by four independent findings, each of which independently places the system at the lowest impact level:
- No administrative decisions are made or supported COMPAiSS is an information navigation tool. It directs users to verified institutional sources. No eligibility determination, ranking, scoring, prioritization, or decision affecting rights, benefits, or entitlements is made by the system at any point. All decision authority remains with the institution and the user.
- No personal information is collected, stored, or processed Queries are stateless. The system receives text input only. No names, identification numbers, account information, or any personally identifiable information is collected or retained. Nothing persists after the transaction completes. A Privacy Impact Assessment is not required.
- All impacts are immediately and fully reversible The system provides information only. No action is taken on the user's behalf. A user who receives an unhelpful or incorrect response retains full ability to contact institutional staff directly through existing channels at any time. No rights, benefits, or entitlements are affected by the system's output.
- The pre-inference execution gate eliminates the primary hallucination risk category Source validation and scope enforcement occur before the AI generates any response. The system cannot hallucinate, cite unauthorized sources, or produce content outside the authorized institutional source set. This is an architectural constraint - not a post-generation filter - and directly addresses the AIA's core concerns about accuracy, bias, and unauthorized content.
While the Directive on Automated Decision-Making is a Government of Canada instrument, the risk dimensions it assesses - decision authority, personal data handling, reversibility, and accuracy controls - are directly applicable to institutional AI governance review in higher education, healthcare, and public sector contexts. COMPAiSS scores at the lowest risk level on all dimensions regardless of which institutional framework is applied.
Data Governance
What the system collects, processes, and retains - and what it does not.
None. No names, IDs, account numbers, or any identifying information at any stage.
None. Queries are processed transiently and discarded. Nothing is retained after the response is delivered.
Unclassified. All source content consists of publicly available institutional web pages.
Not required. No personal information is collected or processed at any stage.
Not applicable. Standard inference API without fine-tuning. No institutional data enters any model training pipeline.
Configurable to Canadian-region hosting upon institutional agreement, satisfying PIPEDA and provincial privacy law requirements.
Aggregated, anonymized usage patterns - for example, topic areas generating high query volume - can be made available to the institution for service planning. This analytics function operates exclusively on de-identified aggregate data and cannot be traced back to any individual user.
COMPAiSS operates entirely outside the personal data space by architectural design. There is no personal data pipeline to govern, no data retention policy to administer, and no risk of data breach exposing user information - because no user information is collected.
Architecture Accountability
How the system enforces scope, maintains audit trails, and supports institutional oversight.
COMPAiSS is built on an execution-gated inference architecture. Authorization and scope validation occur before any AI generation takes place. If no authorized institutional source exists for a query, the AI model does not execute. This is the core architectural accountability property - and it is not a configuration setting that can be overridden at the user level.
- Pre-inference execution gate Every query is validated against the institution's authorized source list before any AI generation occurs. Out-of-scope queries are rejected at the gate. The AI model only runs when authorization conditions are satisfied. This constraint is architectural - it cannot be prompted, reframed, or manipulated away.
- Authorized source list (greenlist) governance The institution retains full authority to review, approve, and modify the authorized source list at any time. COMPAiSS cannot access any page, document, or source that is not on the approved list. Every response is traceable to specific authorized sources.
- Audit trail and logging System logs capture every query received, the gate authorization result, and the sources parsed for each transaction. Each response is traceable to specific authorized source pages. Logs identify the platform version, governance configuration version, and AI model version used for each transaction.
- Version control and change management All changes to the governance configuration, authorized source list, prompt architecture, and platform infrastructure are committed to a version-controlled repository with timestamps and change records. The institution maintains a complete history of all governance configuration changes.
- Greenlist integrity auditing A purpose-built audit server checks every URL in an institution's authorized source list against the live web on a regular maintenance cycle, classifying each entry as active, redirected, broken, or unreachable. Broken or moved URLs are remediated and the corrected list is deployed automatically through the version-controlled repository.
- No continuous learning from user interactions The system does not learn from individual user queries. No interaction data is fed back into any model. The AI model improves only as OpenAI updates its underlying models - a process that is entirely external to institutional data and interactions.
Risk Register
Identified risks by category with architectural and operational mitigations.
No ethical, financial, privacy, or legal risks have been identified that would impede institutional deployment. The following risks have been identified and mitigated:
Technical Risks
- AI inference API availability Mitigation: Standard error handling and fallback messaging direct users to institutional staff when the inference layer is unavailable. The system degrades gracefully - it does not produce unreliable outputs when the API is degraded.
- Authorized source content becoming outdated Mitigation: Active greenlist maintenance on a regular audit cycle. The institution flags when source content changes. Outdated or removed pages are removed from the authorized list, preventing the system from citing content that no longer reflects current policy.
- Source URL unavailable at query time Mitigation: If a source is unreachable at the moment of a query, the system draws from other authorized sources that did respond, or returns a safe failure response directing the user to institutional staff. It cannot fabricate content from a source it cannot reach.
Governance Risks
- Scope creep beyond authorized content Mitigation: Architectural - the pre-inference execution gate cannot be overridden at the user level. Out-of-scope queries are rejected on the first attempt and every subsequent attempt regardless of how they are phrased or reframed.
- Adversarial prompt manipulation Mitigation: Input filtering blocks excessively long inputs, garbage text, and adversarial prompt attempts before they reach the gate. The gate itself enforces scope boundaries deterministically. Attempts to manipulate the AI's instructions are blocked before they reach the model.
Equity Risks
- Digital accessibility barriers Mitigation: Web-embedded design accessible from any browser-enabled device without specialized software or installation. Users who cannot use or prefer not to use the system retain full access to all the same information through existing institutional channels.
- Language barriers Mitigation: Multilingual query support - users can submit queries in any language. Translation is treated as a preprocessing step outside the authorization framework, ensuring that the language of the query does not affect what institutional content is considered authoritative.
Reputational Risks
- Public or institutional concerns about AI deployment Mitigation: The governance-first architecture, full auditability, stateless privacy-by-design approach, and pre-inference execution gate that structurally eliminates all standard hallucination sources directly address the concerns that generate institutional scrutiny. The system is designed to be auditable and defensible from the concept stage.
All identified risks are mitigated at the architectural level - not through post-deployment monitoring or policy controls alone. This means mitigations are structural properties of the system that cannot be accidentally disabled or configured away.
Human Oversight and Recourse
How institutional authority is preserved and how users escalate when the system does not meet their needs.
Human oversight and intervention operate at multiple levels within every COMPAiSS deployment. The system is designed from the concept stage to preserve institutional authority and user recourse at every point.
- Immediate user recourse Every system response includes links to official institutional pages and directs users to contact institutional staff directly for further assistance. A user who receives an incorrect or unhelpful response can contact staff through existing channels at any time. No action is taken on their behalf and no rights or entitlements are affected.
- Institutional override authority The deploying institution retains full authority to modify the authorized source list, update governance configuration, or disable the system at any time. All such changes take effect immediately and are logged with timestamps in the version-controlled repository.
- Crisis query handling When a query contains language associated with personal distress or crisis, the system returns a pre-approved institutional response directing the user to appropriate support resources - counselling services, campus security, or emergency contacts - as configured by the institution in alignment with its own duty-of-care policies. The AI model does not engage with crisis content.
- Developer accountability Frank Harvey holds direct technical accountability for all design, development, maintenance, and governance configuration. COMPAiSS Inc. is the incorporated entity that holds the intellectual property and platform operating rights. Service levels and accountability obligations are defined in each institutional licensing agreement.
- Non-automated alternative always available COMPAiSS is a supplementary channel. All existing institutional information channels, staff resources, and service options remain available at all times. The system's unavailability does not affect access to institutional services or information.
Procurement Readiness
Documentation and compliance status for institutional procurement and governance review processes.
Algorithmic Impact Assessment
A complete AIA has been prepared and submitted for federal review. Institution-specific AIA documentation is available for any regulated institutional deployment on request.
Privacy by Design
Stateless queries, no personal data collection, no session storage, no user profiling. The system operates entirely outside the personal data space by architectural design.
Patent-Protected Architecture
The pre-inference execution gate is the subject of patent applications in Canada (CIPO 3,299,174) and the United States (USPTO 19/455,963). The architectural distinction is formally documented and defensible.
Canadian Data Residency
Hosting can be configured to any Canadian-region infrastructure upon signing, satisfying PIPEDA and provincial privacy law requirements for Canadian institutions.
Accessibility
Web-embedded interface accessible from any browser-enabled device. No specialized software, download, or installation required. Formal accessibility compliance review is conducted prior to each institutional deployment.
Real-Time Governance Tools
Compliance receipts, governance delta comparisons, and governance reports are available to authorized institutional administrators without external software or AI assistance. See the AI Governance page for full details.
COMPAiSS enforces a stricter epistemic boundary than most institutional AUPs require. Because the system only responds to queries within institution-approved scope, and because all responses are traceable to specific authorized sources, COMPAiSS is compatible with standard AUP frameworks by design. For institutions with AI-specific AUP provisions, the execution-gated architecture provides a documented, auditable compliance path that generation-first systems cannot match.
COMPAiSS answers only from sources the institution itself has designated as authoritative. If those sources contain an error, the institution's liability exposure is no greater than if a staff member read from the same page. More importantly, COMPAiSS eliminates the category of fabricated institutional guidance - where an AI invents policy that does not exist - that creates the most serious liability exposure for institutions deploying generation-first AI. That class of error is architecturally impossible in COMPAiSS.
Request Documentation
How to obtain formal governance documentation for procurement or regulatory review.
The following documentation is available on request for any institution conducting a formal procurement or governance review:
- Complete Algorithmic Impact Assessment Full AIA responses across all sections, including risk classification rationale, data handling assessment, procedural fairness analysis, and system accountability documentation.
- Technical architecture documentation Detailed description of the pre-inference execution gate, greenlist governance model, audit trail architecture, and defense-in-depth security controls.
- Pilot deployment results Governance configuration documentation, query volume and gate pass/fail rate analysis, and institutional feedback from active deployments.
- Institution-specific governance package A tailored governance documentation package scoped to your institution's specific procurement framework, AUP requirements, and review process - prepared in advance of formal submission.
To request formal governance documentation, schedule a procurement review presentation, or discuss an institutional pilot deployment:
Request Documentation ->