Core questions
Which user identity is used for each system, and how is that identity mapped?
Which object, field, and record checks happen before the prompt or execution context is assembled?
Procurement / AIGIS resources
RFP questions for enterprise AI governance buyers.
The strongest RFP questions ask how permission evidence is produced before data reaches a model.
Executive read
The short version, before the deep dive.
Ask where governance happens in the request path.
Ask whether inaccessible fields are removed before model exposure.
Ask how connector enforcement differs by system.
Ask what evidence is exportable for audit review.
Analysis
What matters
Boundary questions
Which systems have production-grade enforcement today, and which are co-development or roadmap scope?
AIGIS answers this by naming Salesforce as the production proof path and disclosing ServiceNow and SAP asymmetry.
Resource packet
Turn this into a review worksheet.
Evidence packet
Permission-Provenance Evidence Packet
Capture user context, system of record, enforcement tier, stripped fields, model route, response, hash marker, and fallback notes.
Salesforce is the production proof path. ServiceNow and SAP are design-partner co-development paths with asymmetric enforcement that must be disclosed in diligence.
Keep reading
Related resources.
Security
CISO AI Audit Readiness Brief
A concise CISO-oriented brief for evaluating AI governance evidence, permission enforcement, and connector asymmetry.
Audit
Permission Provenance Audit Evidence
What audit teams should expect from AI permission-provenance evidence across Salesforce-first governed workflows.
Architecture
Governed Runtime For Enterprise AI
How a governed runtime shapes identity, permissions, context, model routing, and evidence before AI answers.