System Card¶
Purpose¶
A System Card documents the complete AI system — not just the model, but the full stack: model, retrieval configuration, tooling, safety layers, observability, and human oversight. It complements the Technical Model Card, which focuses on the model component alone.
Use this template when the system involves any of:
- Multiple models or model calls in a pipeline
- RAG (retrieval-augmented generation) with managed knowledge sources
- Tool use / function calling / external API access
- Agentic behaviour (Mode 3–5)
- Any High or Limited Risk classification
The System Card is a Gate 3 deliverable for High Risk systems and must be kept up to date through the Management & Optimisation phase.
Download this template
Use this file as a starting point — open in your editor or AI assistant and fill in the fields. Fields marked [REQUIRED] must be completed before Gate 3 sign-off.
Part 1: System Identity¶
System name: [Human-readable name, e.g. "Customer Claims Triage"] System version: [Semantic version, e.g. v2.1.0] Owner (Tech Lead): [Name] Guardian: [Name] Last updated: [YYYY-MM-DD] Risk level: [Minimal / Limited / High / Critical] Collaboration Mode: [Mode 1–5]
Part 2: Intended Use¶
Primary Purpose [REQUIRED]¶
[One paragraph describing what the system does, who uses it, and in which context.]
Intended Users¶
[Describe the primary user group(s) and their technical level.]
Out of Scope [REQUIRED]¶
List use cases this system must not be used for:
- [Prohibited use 1]
- [Prohibited use 2]
Hard Boundaries [REQUIRED]¶
Cross-reference to the Objective Card:
| Boundary | Description |
|---|---|
| [Boundary 1] | [What the system will never do] |
| [Boundary 2] | [What the system will never do] |
Part 3: System Architecture¶
Model Layer¶
| Component | Value |
|---|---|
| Primary model | [Provider + model name + pinned version] |
| Fallback model | [Provider + model name, or "None"] |
| Fine-tuning | [Yes/No — if yes, link to Training Data section] |
| Inference parameters | Temperature: [X] · Top-P: [X] · Max tokens: [X] |
Retrieval Layer (RAG)¶
| Component | Value |
|---|---|
| Knowledge sources | [List of sources with owner and update frequency] |
| Embedding model | [Model name + version] |
| Vector store | [Technology + host] |
| Chunk size / overlap | [Tokens] |
| Retrieval strategy | [Top-K / MMR / hybrid — with K value] |
| Freshness guarantee | [How often is the knowledge base refreshed?] |
Complete only if RAG is used.
Tool / Function Layer¶
| Tool | Capability | Scope limit | Auth method |
|---|---|---|---|
| [Tool 1] | [What it does] | [Read-only? Write? What data?] | [API key / OAuth / service account] |
| [Tool 2] |
Complete only if tool use or function calling is enabled.
Orchestration Layer¶
[Describe multi-step pipelines, agent loops, or chaining logic. Include a diagram if the flow is non-trivial.]
Part 4: Safety Layers¶
Input Guardrails [REQUIRED for High/Critical Risk]¶
| Guardrail | Type | What it blocks |
|---|---|---|
| [Guardrail 1] | Regex / classifier / LLM-based | [Prompt injection / PII / off-topic] |
| [Guardrail 2] |
Output Guardrails [REQUIRED for High/Critical Risk]¶
| Guardrail | Type | What it blocks |
|---|---|---|
| [Guardrail 1] | Regex / classifier / LLM-based | [Harmful content / PII leak / hallucination] |
| [Guardrail 2] |
System Prompt Location and Access Control¶
- Location: [Version-controlled path / secret manager key]
- Access: [Who can read / modify the system prompt?]
- Change procedure: [Link to change management procedure]
Refusal Logging¶
- Refusals logged: [Yes / No]
- Log location: [System / retention period]
Part 5: Human Oversight¶
Oversight Mode [REQUIRED]¶
[Describe how humans oversee the system's outputs per the collaboration mode.]
| Situation | Human action required |
|---|---|
| Low-confidence output (\< [threshold]) | [Escalate / flag / block] |
| Sensitive topic detected | [Route to human / add disclaimer] |
| Error / refusal rate spike | [Alert duty team] |
Override Capability¶
- Override available to users: [Yes / No]
- Override mechanism: [How can a human correct or reject the output?]
- Override log: [Is the override logged? Retained how long?]
Escalation Path¶
[Document who is contacted when the system behaves unexpectedly.]
Part 6: Observability¶
Metrics Monitored¶
| Metric | Tool | Alert threshold | Owner |
|---|---|---|---|
| Output quality (Golden Set score) | [Tool] | [Threshold] | [Owner] |
| Latency (p99) | [Tool] | [ms] | [Owner] |
| Error / refusal rate | [Tool] | [%] | [Owner] |
| Input drift | [Tool] | [Threshold] | [Owner] |
| Cost per query | [Tool] | [€/1000 queries] | [Owner] |
Log Retention¶
| Log type | Retention period | Location |
|---|---|---|
| Input / output logs | [e.g. 90 days] | [System] |
| Audit trail (human overrides) | [e.g. 24 months] | [System] |
| Error logs | [e.g. 30 days] | [System] |
Part 7: Known Limitations¶
[REQUIRED] Document what the system cannot do reliably:
| Limitation | Description | Risk level | Mitigation |
|---|---|---|---|
| [Limitation 1] | [Description] | [Low/Med/High] | [What reduces the risk] |
| [Limitation 2] |
Part 8: Compliance Status¶
| Requirement | Status | Evidence location |
|---|---|---|
| Risk Pre-Scan completed | [✓ / pending] | [Link] |
| Validation Report (Gate 2) | [✓ / pending] | [Link] |
| Fairness Check | [✓ / N/A / pending] | [Link] |
| Guardian approval | [✓ / pending] | [Link] |
| Gate 3 sign-off | [✓ / pending] | [Link] |
| Post-market monitoring active | [✓ / N/A] | [Dashboard link] |
Part 9: Version History¶
| Version | Date | Changed by | Summary of changes |
|---|---|---|---|
| 1.0 | [YYYY-MM-DD] | [Name] | Initial version |