{
 "reviewed": "2026-07-15",
 "disclosure": "ALLinAI 證據規劃起點，不是法律意見、合規認證、資安認證、完整稽核程序、充分性判定或已通過稽核的證明；NIST AI RMF 1.0 正在更新，Core 的動作不是逐項勾選表，Playbook 是自願性資源，SP 800-53A 可依生命週期、風險與容忍度裁剪。請由有權角色依實際用途、期間、資料、控制目的、契約與法規判斷證據是否充分。",
 "categories": {
  "governance": "治理與決策",
  "configuration": "架構與版本",
  "data": "資料與知識",
  "evaluation": "評測與安全測試",
  "access-actions": "權限與外部動作",
  "operations": "監控、事件與供應商"
 },
 "systems": {
  "generation": "文字生成",
  "rag": "RAG 知識庫",
  "extraction": "擷取／結構化",
  "classification": "分類／預測",
  "agent": "AI Agent"
 },
 "types": {
  "design": "設計證據",
  "operation": "執行證據",
  "effectiveness": "有效性證據"
 },
 "sources": {
  "nist_rmf_core": "https://airc.nist.gov/airmf-resources/airmf/5-sec-core/",
  "nist_rmf_playbook": "https://airc.nist.gov/airmf-resources/playbook/",
  "nist_sp800_53a": "https://csrc.nist.gov/pubs/sp/800/53/a/r5/final",
  "nist_sp800_218a": "https://csrc.nist.gov/pubs/sp/800/218/a/final",
  "cisa_secure_ai": "https://www.cisa.gov/news-events/alerts/2023/11/26/cisa-and-uk-ncsc-unveil-joint-guidelines-secure-ai-system-development",
  "owasp_llm_2025": "https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/",
  "owasp_agentic_2026": "https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/"
 },
 "evidence": [
  {
   "slug": "use-case-register-scope",
   "category": "governance",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation"
   ],
   "name": "AI 使用情境清冊與範圍紀錄",
   "proves": "用途、使用者、資料、輸出、影響、Owner、禁止用途與停用方式已被明確界定。",
   "collect": "從正式端點、內部工具、工作流、帳單與採購清單反查資產，保存每次 Owner 覆核與差異。",
   "verify": "抽查正式流量能否對到現行清冊；訪談 Owner 說明用途、禁止範圍、最近覆核與停用操作。",
   "protect": "限制清冊寫入權，敏感資料只記類型與位置，不貼原文；保留版本與核准者。",
   "stale": "正式用途、資料、端點、供應商、Owner 或停用方式變更後，舊版即不能代表現況。",
   "owners": "業務 Owner、產品、平台、採購／風險"
  },
  {
   "slug": "risk-assessment-decision",
   "category": "governance",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "風險評估、分級與處置決策",
   "proves": "組織曾依影響、資料、可逆性、自動化與使用者群體判斷審查、控制與剩餘風險。",
   "collect": "保存評估問題、輸入事實、評分或理由、選用控制、例外、決定者、日期與重新評估條件。",
   "verify": "重走一個高影響與一個低影響案例，確認相同事實會路由到預期審查，缺資料不會自動通過。",
   "protect": "依個資與商業敏感度分權；決策結果可供使用者查閱，但底層資料與法律意見另行保護。",
   "stale": "用途、受影響者、法規、契約、資料、模型能力或外部動作改變時，原決策需重審。",
   "owners": "業務 Owner、風險／法務、資安、資料 Owner"
  },
  {
   "slug": "approval-accountability-record",
   "category": "governance",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "operation",
    "effectiveness"
   ],
   "name": "批准、拒絕與責任交接紀錄",
   "proves": "有權角色看到必要資訊後，對特定版本、範圍與條件作成可追溯決定。",
   "collect": "從工作流保存批准人、角色、時間、請求 hash、附件版本、條件、拒絕、撤回與逾期狀態。",
   "verify": "抽查批准後參數是否未變；測拒絕、撤回、逾時、代理人與批准者離職時是否 fail closed。",
   "protect": "防止同一執行者任意改寫；顯示最小必要內容，對敏感附件設存取與下載紀錄。",
   "stale": "範圍、版本、參數、批准者權限或有效期改變後，舊批准不得繼續授權。",
   "owners": "業務批准者、發布負責人、IAM、稽核／風險"
  },
  {
   "slug": "policy-exception-history",
   "category": "governance",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "政策、例外、補償控制與到期紀錄",
   "proves": "禁止事項、責任、例外條件與到期已進入可執行流程，而非只有政策文件。",
   "collect": "保存政策版本、適用對象、教育、例外 Owner、理由、補償控制、到期通知與關閉或續批。",
   "verify": "列出全部有效例外並核對實際設定；建立即將到期案例，確認會阻斷或重新審查。",
   "protect": "政策可廣泛閱讀；例外理由與敏感架構細節依 need-to-know 分開保存。",
   "stale": "政策、控制、組織、例外條件或到期狀態改變後，先前截圖與匯出不再充分。",
   "owners": "政策 Owner、風險／法務、IAM、業務主管"
  },
  {
   "slug": "architecture-data-flow-boundary",
   "category": "configuration",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation"
   ],
   "name": "架構、資料流與信任邊界圖",
   "proves": "輸入、模型、RAG、記憶、工具、供應商、日誌與人工節點的實際資料路徑已被理解。",
   "collect": "由部署設定、程式、網路、資料與供應商清單產生版本化圖，標示環境、Owner、資料類型與信任邊界。",
   "verify": "選一筆正式工作逐跳核對，確認圖上每個資料儲存、外送、權限決策與外部副作用都存在且方向正確。",
   "protect": "公開圖移除秘密與內部位址；完整圖限制存取、加版本與完整性檢查。",
   "stale": "新增端點、資料源、模型、索引、工具、記憶、日誌、供應商或環境後需要更新。",
   "owners": "架構／平台、資料 Owner、資安、供應商 Owner"
  },
  {
   "slug": "release-version-manifest",
   "category": "configuration",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "模型、提示、資料與工具發布 Manifest",
   "proves": "每筆正式結果可連回實際生效的模型、prompt、schema、資料、索引、工具、政策與參數版本。",
   "collect": "在發布管線自動產生不可變 ID、內容 hash、相依版本、環境、建置來源、批准與部署時間。",
   "verify": "從一筆正式 trace 反查 manifest 並重建；模擬模型別名或遠端設定改變，確認差異會被偵測。",
   "protect": "不得把 prompt 中的秘密或個資直接寫入；manifest 防竄改並限制發布寫入權。",
   "stale": "任何相依內容、遠端設定、模型實際版本或部署環境改變後，舊 manifest 不能代表新結果。",
   "owners": "ML／Agent 工程、平台、發布負責人、品質"
  },
  {
   "slug": "change-review-rollback",
   "category": "configuration",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "變更差異、重測、批准與回復紀錄",
   "proves": "模型、提示、RAG、資料、工具與平台變更曾經評估影響、重測，且具可用回復路徑。",
   "collect": "保存變更前後版本與 diff、影響判斷、案例與指標、no-go、批准、放量、監控與回復演練。",
   "verify": "抽一個變更確認受影響面與重測相符；以受控環境演練回切並核對資料、索引、工具契約。",
   "protect": "限制正式設定與回復憑證；測試證據可去識別，完整 diff 依架構敏感度控管。",
   "stale": "新變更、回復不可用、資料格式不相容或供應商撤銷舊版後，既有回復證據會失效。",
   "owners": "變更 Owner、品質、平台／SRE、業務 Owner"
  },
  {
   "slug": "secure-build-dependency-record",
   "category": "configuration",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation"
   ],
   "name": "安全建置、相依性與來源紀錄",
   "proves": "AI 應用、模型／資料工件與相依元件來自受控來源，建置與發布分工可追溯。",
   "collect": "保存程式與設定版本、依賴鎖定、SBOM／工件清單、掃描結果、建置環境、簽章與發布身分。",
   "verify": "從正式工件重建來源與相依版本；測未核准來源、過期依賴、遭修改工件與建置者權限。",
   "protect": "建置日誌移除 token；簽章私鑰由受管機制使用，工件與證據採唯讀保留。",
   "stale": "任何程式、模型、資料工件、相依套件、建置器或簽章信任改變後需重新產生。",
   "owners": "應用／ML 工程、平台、供應鏈資安、發布負責人"
  },
  {
   "slug": "data-inventory-purpose-retention",
   "category": "data",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation"
   ],
   "name": "資料清冊、目的、保存與刪除矩陣",
   "proves": "輸入、輸出、評測、RAG、trace、備份與供應商資料的目的、位置、Owner 與保存處理已定義。",
   "collect": "逐資料類型記錄來源、用途、敏感度、位置、收件者、保存期、刪除方法、例外與契約設定。",
   "verify": "以可追蹤測試資料走到到期與刪除，核對主庫、索引、快取、備份、匯出及供應商結果。",
   "protect": "清冊不貼資料原文；刪除證明需防止洩漏資料主體或內部儲存位置。",
   "stale": "新增用途、欄位、位置、供應商、保存例外或刪除機制後需更新；未實測的政策不算執行證據。",
   "owners": "資料 Owner、隱私／法務、平台、供應商 Owner"
  },
  {
   "slug": "data-provenance-quality-manifest",
   "category": "data",
   "systems": [
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "資料來源、品質與建置 Manifest",
   "proves": "訓練、評測、擷取與檢索資料具有來源、版本、生效日、處理結果及失敗可追溯性。",
   "collect": "保存來源 URI／ID、內容 hash、授權／取得依據、版本、解析器、清洗規則、筆數、失敗與人工裁決。",
   "verify": "抽樣回到原始來源；用過期、衝突、缺值、表格與解析失敗資料驗證不會被靜默當成有效。",
   "protect": "原始敏感資料與衍生統計分開；證據用 hash 與受控樣本，限制可反推個人的欄位。",
   "stale": "來源、內容、授權、解析器、清洗規則、索引或品質門檻改變後，舊 manifest 失效。",
   "owners": "資料／內容 Owner、資料／RAG 工程、品質、隱私"
  },
  {
   "slug": "retrieval-acl-tenant-test",
   "category": "data",
   "systems": [
    "rag",
    "agent"
   ],
   "types": [
    "operation",
    "effectiveness"
   ],
   "name": "RAG 權限、租戶隔離與撤權測試",
   "proves": "候選文件階段會依呼叫者阻擋跨角色、跨部門或跨租戶內容，撤權與分享變更會生效。",
   "collect": "保存測試身分、ACL 快照、租戶與快取鍵、查詢、候選文件、政策決策、拒絕與撤權延遲。",
   "verify": "執行跨角色、跨租戶、存在性、快取命中、分享變更及撤權案例，確認不是只在答案層過濾。",
   "protect": "使用合成租戶與文件；真實 ACL、文件標題及查詢 trace 限制存取並依保存期刪除。",
   "stale": "ACL、身分來源、索引、快取、檢索程式或租戶模型改變後需重測。",
   "owners": "IAM、資料 Owner、RAG／平台工程、資安"
  },
  {
   "slug": "minimization-redaction-scan",
   "category": "data",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "資料最小化、遮罩與秘密掃描結果",
   "proves": "不必要的個資、機密與秘密不會進入模型、索引、輸出、下載、trace 與供應商。",
   "collect": "保存欄位允許清單、遮罩規則與版本，使用合成敏感樣本掃描輸入、錯誤、輸出、日誌及匯出。",
   "verify": "測常見與邊界格式、編碼、截斷、附件與錯誤路徑；人工抽樣判讀誤報、漏報與實際殘留。",
   "protect": "永遠不以真實 token／金鑰作證據；合成標記可追蹤，掃描結果去識別並限制原文。",
   "stale": "資料欄位、格式、模型、日誌 schema、供應商、遮罩規則或下載路徑改變後需重測。",
   "owners": "資料 Owner、隱私、資安、平台"
  },
  {
   "slug": "evaluation-plan-acceptance",
   "category": "evaluation",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation"
   ],
   "name": "評測計畫、基準、門檻與發布判定",
   "proves": "測試前已定義用途、族群、案例、人工基準、指標、門檻、重大阻斷與決策角色。",
   "collect": "保存評測範圍、資料與版本、分群、指標定義與分母、重大錯誤、門檻、no-go、批准及例外。",
   "verify": "確認門檻不是看完結果才調整；放入重大失敗案例，驗證不會被平均品質分數抵銷。",
   "protect": "評測資料最小化、去識別並限制外洩；盲測標籤與正式答案分權，避免污染。",
   "stale": "用途、族群、模型、prompt、資料、工具、政策、指標或錯誤後果改變後要重新評估適用性。",
   "owners": "業務 Owner、領域專家、品質／ML、風險角色"
  },
  {
   "slug": "test-run-item-results",
   "category": "evaluation",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "operation",
    "effectiveness"
   ],
   "name": "逐題測試結果、預期與實際輸出",
   "proves": "正常、邊界、無答案、依據、權限、失敗與人工接管案例已在指定版本實際執行。",
   "collect": "每題保存案例版本、輸入或合成 ID、預期、實際、版本 manifest、評分、人工裁決、重跑與問題連結。",
   "verify": "抽樣重跑可重現到合理變異範圍；檢查逐題與分群結果，不只看總平均或挑選成功示範。",
   "protect": "避免把真實秘密、個資與受限文件複製進測試；必要樣本採授權、去識別、分權與到期。",
   "stale": "模型、參數、prompt、資料、索引、工具、評分器、測試集或正式流量分布改變後需重測。",
   "owners": "品質／測試、ML／應用工程、領域專家、資料 Owner"
  },
  {
   "slug": "human-reviewer-calibration",
   "category": "evaluation",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "人工評分規則、一致性與校準紀錄",
   "proves": "人工基準不是單一未校準意見；評分者理解規則、分歧可裁決，且工作負荷可行。",
   "collect": "保存 rubric 版本、訓練樣本、盲評結果、評分者角色、一致性指標、分歧原因、裁決與規則修訂。",
   "verify": "以相同與邊界樣本重評，檢查不同角色、語言與群體差異；確認介面不預設誘導通過。",
   "protect": "評分者身分與敏感案例分開；僅保存必要理由，限制高影響個案與受影響者資料。",
   "stale": "rubric、用途、評分者群體、介面、工作量或案例分布改變後，舊校準不足以代表現況。",
   "owners": "領域專家、品質、人資／營運、風險角色"
  },
  {
   "slug": "security-abuse-redteam-results",
   "category": "evaluation",
   "systems": [
    "generation",
    "rag",
    "agent"
   ],
   "types": [
    "operation",
    "effectiveness"
   ],
   "name": "安全、濫用與紅隊測試結果",
   "proves": "指令注入、敏感資料、輸出注入、工具濫用、跨權限與資源耗盡等情境已在授權範圍測試。",
   "collect": "保存威脅與範圍、案例、版本、預期、實際、政策／工具 trace、嚴重度、修正、重測與剩餘風險。",
   "verify": "由防禦者重現主要發現並驗證修正；測直接與間接輸入、編碼變體、未知工具與 fail closed。",
   "protect": "不得在未授權正式系統測攻擊；PoC、秘密、漏洞與客戶資料限制存取並設定揭露流程。",
   "stale": "信任邊界、模型、prompt、資料、工具、權限或防護改變後，舊結果不能證明新版本安全。",
   "owners": "資安／紅隊、應用／Agent 工程、資料／工具 Owner、風險"
  },
  {
   "slug": "service-identity-entitlement",
   "category": "access-actions",
   "systems": [
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "服務身分、實際權限與覆核差異",
   "proves": "每個工作負載只有完成用途所需的資料與工具 scope，撤權、短效憑證與環境隔離有效。",
   "collect": "匯出服務身分、角色、資源、動作、條件、最近使用、核准 scope、覆核、撤權與拒絕日誌。",
   "verify": "從工具與資料源反查實際授權；測未允許操作、跨租戶、憑證過期、撤權及停用後存取。",
   "protect": "輸出不含 token 或金鑰原文；IAM 匯出與架構權限視敏感程度限制，保留完整性。",
   "stale": "身分、角色、資源、scope、工具、環境或 Owner 變更後，先前權限快照會過期。",
   "owners": "IAM、資安、平台、資料／工具 Owner"
  },
  {
   "slug": "action-approval-trace",
   "category": "access-actions",
   "systems": [
    "agent"
   ],
   "types": [
    "operation",
    "effectiveness"
   ],
   "name": "外部動作逐次批准與實際結果 Trace",
   "proves": "寄送、寫入、刪除、付款或改權限綁定單次批准，且執行內容與批准預覽一致。",
   "collect": "以工作 ID 串接提案、精確 diff、對象、金額、請求 hash、批准／拒絕、工具參數與外部結果。",
   "verify": "測逾時、撤回、參數變更、舊批准重放、無人接手與執行者分離；直接查外部系統核對。",
   "protect": "遮罩敏感內容但保留可驗證 hash；批准與工具日誌防竄改，依交易與個資要求分權保存。",
   "stale": "批准參數、請求內容、工具版本、批准者權限、有效期或外部目標改變後，原證據不可沿用。",
   "owners": "業務／財務批准者、工具 Owner、IAM、稽核／風險"
  },
  {
   "slug": "idempotency-state-compensation",
   "category": "access-actions",
   "systems": [
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "冪等、狀態機、重放與補償測試",
   "proves": "逾時、並發與重試不會重複產生副作用；部分成功能被表示、查詢、補償與人工接手。",
   "collect": "保存冪等鍵、請求 hash、狀態轉移、去重命中、外部交易 ID、重試、補償批准與未解案件。",
   "verify": "注入回應遺失、queue 重送、並發、程序中斷與補償失敗，逐筆確認外部副作用只發生預期次數。",
   "protect": "業務鍵與交易資料依敏感度雜湊或遮罩；不可將正式金流憑證放入測試證據。",
   "stale": "工作流、業務鍵、外部 API、狀態 schema、重試或補償流程改變後需重測。",
   "owners": "平台／工作流、工具 Owner、業務／財務、客服／營運"
  },
  {
   "slug": "secrets-vendor-processing-config",
   "category": "access-actions",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "秘密管理與供應商資料處理實際設定",
   "proves": "秘密由受管機制提供且可撤銷；供應商的保存、訓練、區域與子處理設定符合核准用途。",
   "collect": "保存秘密 scope、存取、輪替／撤銷演練，以及契約條款、管理台設定截取、API 回傳與差異。",
   "verify": "用合成秘密測提交、prompt、輸出與日誌；輪替測試憑證並核對舊值失效、服務恢復及供應商設定。",
   "protect": "絕不保存任何 token／金鑰原文；設定畫面移除帳號與敏感識別，原始契約依權限保護。",
   "stale": "供應商、方案、區域、子處理者、模型、契約、管理台選項、秘密 scope 或憑證改變後更新。",
   "owners": "資安、平台、採購／法務、供應商 Owner"
  },
  {
   "slug": "production-monitoring-alert-drill",
   "category": "operations",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "正式監控、分群、告警與接手演練",
   "proves": "品質、依據、安全、權限、成本、延遲、人工與申訴訊號能依版本及重要群體被偵測與處理。",
   "collect": "保存指標定義、分母、基準、版本／分群儀表板、告警規則、合成事件、通知送達與值班處置。",
   "verify": "端到端注入合成異常，測夜間、Owner 缺席與通道中斷，確認能停止、轉人工並留下關單結果。",
   "protect": "儀表板去識別；原始輸入輸出、查詢與受影響者資料限制存取並依保存期刪除。",
   "stale": "用途、版本、流量分布、指標、門檻、資料管線、通知或值班流程改變後需重新演練。",
   "owners": "SRE／平台、品質／ML、業務 Owner、事件值班"
  },
  {
   "slug": "trace-reconstruction-integrity",
   "category": "operations",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "operation",
    "effectiveness"
   ],
   "name": "端到端稽核 Trace 重建與完整性檢查",
   "proves": "可從一筆正式成果重建用途、版本、身分、政策、輸入輸出、批准、工具呼叫與外部狀態。",
   "collect": "用共同工作 ID 串接各系統時間、最小必要欄位、版本、決策、錯誤與結果；保存完整性與存取日誌。",
   "verify": "隨機抽樣重建時間線，測時鐘偏差、缺欄、輪替、未授權修改及跨系統關聯遺失。",
   "protect": "不得為可追溯而無限制保存原文；敏感內容採遮罩、參照或 hash，存取分權並記錄查閱。",
   "stale": "trace schema、時鐘、共同 ID、系統相依、保存、遮罩或存取政策改變後需重驗。",
   "owners": "平台／SRE、資安、隱私、稽核／品質"
  },
  {
   "slug": "incident-response-recovery-drill",
   "category": "operations",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "AI 事件、止血、回復與更正演練",
   "proves": "異常發生時能分流、保全證據、停用、撤權、回復、補償並交由有權角色判斷通知與更正。",
   "collect": "保存情境、時間線、分工、第一時間、證據清單、停止與回復結果、通知決策、受影響者更正及改善。",
   "verify": "演練敏感輸出、跨權限、未批准動作、供應商中斷與證據即將輪替，核對外部實際狀態。",
   "protect": "演練用合成資料；真實事件證據限制存取、依法與契約保存，通知判斷由有權角色負責。",
   "stale": "架構、資料、工具、值班、供應商、法規／契約、停止或回復路徑改變後需重演。",
   "owners": "事件指揮、資安／隱私、平台、業務／客服／法務"
  },
  {
   "slug": "vendor-change-continuity-exit",
   "category": "operations",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "types": [
    "design",
    "operation",
    "effectiveness"
   ],
   "name": "供應商變更、韌性、資料取回與退場證據",
   "proves": "外部模型或服務的版本、限流、中斷、資料處理與退場風險有 Owner、替代與實測處置。",
   "collect": "保存供應商清單、實際版本／設定、SLA、子處理者、變更通知、演練、資料匯出／刪除與憑證撤銷。",
   "verify": "模擬限流、中斷、輸出改變與退場，驗證降級、固定版本、資料可攜、刪除及舊憑證失效。",
   "protect": "契約、帳務、內部架構與客戶資料依權限分開；截圖移除帳號、金鑰與不必要識別。",
   "stale": "供應商、方案、模型、版本、區域、SLA、子處理者、資料出口或備援設計改變後更新。",
   "owners": "供應商 Owner、採購／法務、平台／SRE、資料 Owner"
  }
 ]
}