Glossary

AI Go-Live Review

The structured security review that runs before an AI system passes the production-readiness gate — verifying that pre-pilot and pilot controls are in place and that production-readiness controls are operational.

An AI go-live review is the gate between restricted pilot and broader deployment. It verifies that the controls planned during pre-pilot and pilot review are in place, that the additional controls required for production are operational, and that any residual risks left open are formally accepted by named acceptors.

The review structure mirrors the system's lifecycle gates. Pre-pilot controls (system documented, threat model complete, data minimisation applied) should already have been passed by the time of the go-live review; verify that nothing has regressed. Pilot controls (authentication, authorisation, logging, monitoring) should have produced evidence during the pilot itself; verify that the evidence exists. Production-readiness controls (production prompt design, full audit log retention, on-call rotation including AI incident response) are the new work the go-live review focuses on.

The go-live review outputs an updated disposition. A system that received Conditional clearance at pilot review may receive Proceed clearance at go-live, or it may receive an updated Conditional with new conditions for ongoing operation. The disposition records the named acceptors for any residual risk that was not closed.

Reassessment triggers are operational at go-live. The triggers named at pilot review (tool surface change, scope expansion, vendor model change) take effect once the system is in broad production. The go-live review confirms that each trigger has a named owner who is monitoring it.

The go-live review is not a one-time event. Quarterly review cadences, trigger-fired reassessments, and incident-driven reviews are part of the operating model the go-live review approves. The first go-live review is the most thorough; subsequent reviews are typically narrower.