Governance workflows by role
This page describes how different roles interact with Saidot and how governance work flows in practice — both through the UI and programmatically via the REST API or MCP servers. It also documents the pre-built workflow Skills available to teams who want a ready-made starting point.
This page assumes familiarity with Saidot's data model. If you have not yet read How Saidot governance works, start there — it explains what Systems, Risks, Controls, the Library, and the Governance space are.
Pre-built workflow Skills
Saidot provides a set of open-source, pre-built workflow automations called Skills. These are ready-to-use agentic workflows that an AI assistant (such as Claude) can carry out on your behalf when connected to Saidot's MCP servers.
Preview: Skills are currently in preview and delivered to customers on request. They are functional and actively used, but the list, names, and behaviour may change as the platform evolves.
Important: Skills are starting points, not finished solutions. Every organisation has its own governance processes, terminology, guardrails, and approval chains. Review each Skill before using it and adapt it to match your organisation's needs and practices.
Examples of typical Skills:
library — Read-only exploration of Saidot's curated Library: models, products, risks, controls, policies, and tasks. Use to research content before registering or governing assets.
system-registration — Register and onboard a new AI system, collect metadata, and link underlying assets (models, datasets)
asset-registration — Register models, agents, and products as governance assets independently of any system
data-governance — Document and govern datasets, profile data sources, link to systems, and flag privacy risks
risk-management — Run a full risk analysis on a system: triage inherited risks, find coverage gaps, recommend Library risks, write evaluations and treatment plans
eu-aia-prep — Readiness check for EU AI Act classification: verify required fields are populated and prepare for the conversational classifier
transparency-reporting — Generate a transparency report (PDF) and a live KPI snapshot for a system
gov-report — Generate a self-contained HTML governance report with risk, control, and system profile data
How Skills are triggered: Describe what you want in the conversation, and the agent will select the appropriate Skill based on what you say. You do not need to name a Skill explicitly or use any special syntax. To direct the agent to a specific Skill, you can mention it by name, but this is optional.
AI governance lead
Governance leads are responsible for the overall AI governance programme — maintaining the AI inventory, tracking risk posture, and ensuring compliance deadlines are met.
Typical actions:
Query the full AI system inventory across spaces
Check aggregate risk posture across all systems, filtered by status and treatment
Identify systems with no owner or incomplete governance
Generate transparency reports for external stakeholders
Trigger EU AI Act classification readiness checks
Produce a governance dashboard for leadership
Recommended MCP profile: Governance MCP (read + limited write), Docs MCP (read)
Risk and compliance team
Risk and compliance teams own the risk register, evaluate control effectiveness, and map governance to regulatory frameworks.
Typical actions:
Identify risks without controls or with overdue reviews
Import Library risks onto a system
Bulk-add controls from the Library to address a risk gap
Request a risk review from a subject matter expert
Run a full risk gap analysis
Map controls to regulatory requirements
Recommended MCP profile: Governance MCP (read/write), Library MCP (read), Docs MCP (read)
System owner
System owners are accountable for an individual AI system — keeping its governance record current, confirming risk treatments, and signing off on lifecycle transitions.
Typical actions:
Get a full picture of a specific system's current state
Review and update risk treatment plans
Confirm control implementation status
Update system lifecycle stage on deployment or decommission
Link a newly deployed model to the system
Generate a transparency report for a specific system
Recommended MCP profile: Governance MCP (read/write scoped to their systems)
Developer and platform engineer
Developers integrate Saidot into CI/CD pipelines, deployment workflows, and internal tooling. They are typically the ones who configure MCP servers and build automation that calls the Governance API.
Typical actions:
Register a new AI system at deploy time
Register a new model version and link it to systems
Document a dataset used for fine-tuning or RAG
Ingest observability events from production (model drift, incident signals)
Check approval status of a model before deployment
Set up event-driven governance triggers: see Event-driven governance patterns
Recommended MCP profile: Governance MCP (read/write), Docs MCP (read)
Reviewer
Reviewers are subject matter experts — legal, security, ethics — who are assigned to review specific risks, controls, or systems on request.
Typical actions:
List open review requests assigned to you
Get the full context of a system before reviewing
Submit a control or risk review decision
Add a comment or observation to a risk
Recommended MCP profile: Governance MCP (read + targeted write for review actions), Docs MCP (read)
Choosing what to automate
Not all governance actions benefit equally from automation. A useful heuristic:
High-value automation targets: Repetitive data entry (registering systems from descriptions), bulk operations (adding standard controls across a portfolio), scheduled reporting, onboarding checklists, and any action triggered reliably by an external event (deployment, incident)
Keep a human in the loop: Risk treatment decisions, classification and risk level assignments, review sign-offs, and any action with regulatory or reputational consequences
Agent-assisted, human-approved: Draft risk evaluations, suggest controls from the Library, pre-fill system metadata — then route for human review before saving