DSI 001 · Coherence

Governance Coherence Addendum

Design adequacy is not enough. The GBI tests whether governance is structured correctly; the GCI tests whether it was actually exercised. Compliant and Certified results require both.

DSI 001 Version 1.0. Effective [25 June 2026].

Designed, and exercised

Governance Coherence addresses the most significant limitation of design-only assessment: the gap between documented governance architecture and actual operational practice.

An organisation may hold governance documentation of excellent quality while the controls it describes are not exercised in operation. The design read alone cannot tell the difference. Coherence closes that gap by evaluating whether the architecture was used, across a defined window, before a result can carry a Compliant or Certified classification.

Compliant and Certified determinations require demonstration of operational coherence, not design adequacy alone. The Assessed tier remains a design adequacy assessment and is not modified by this Addendum.

Not a seventh dimension

Governance Coherence is not an additional dimension. It is an evaluation layer applied across all six existing dimensions, which preserves the scoring architecture while adding operational verification. The GBI evaluates whether governance is appropriately structured for the system's risk profile; the GCI evaluates whether that structure is actually exercised. Together they determine certification tier eligibility.

The parallel is the SOC 2 Type I and Type II distinction. The GBI corresponds to Type I, point-in-time design adequacy. Coherence corresponds to Type II, operational effectiveness over a defined period.

Unlike SOC 2, which permits a single engagement, DSI 001 requires a minimum 180-day separation between the GBI design assessment date and the commencement of the coherence evidence window. The design read and the practice read cannot be taken at the same moment.

The three coherence components

Authority Adherence

Whether operational decisions occurred within the authority boundaries defined in the governance architecture. A pattern of systematic boundary violations, where decisions consistently operate at autonomy levels above those defined, is a critical coherence finding requiring remediation before certification can be issued or maintained.

Decision logs showing the authority level applied at each consequential action
Escalation records for decisions exceeding defined autonomy thresholds
Override logs, with authorisation records, where automated decisions were superseded

Control Exercise

Whether specified governance controls were performed at the required cadence and depth during the assessment window. The absence of any recorded exceptions is a negative indicator: real deployments always produce edge cases and governance events, so zero exceptions suggests the process is not being exercised, or that exception recording is not functional.

Governance meeting records with timestamps, attendance and decisions
Approval documentation for system changes, autonomy changes and provider substitutions
Monitoring reports and incident records showing governance processes were triggered

Drift Detection

Whether the system's operational behaviour has diverged from the governance assumptions made at the most recent assessment. Drift is specific to autonomous systems, which can change their own effective behaviour after deployment through model updates, data changes and scope expansion, without any deliberate decision by the organisation.

Model version tracking with change impact assessments
Deployed scope compared against assessed scope
Decision pattern analysis and provider change records

Drift detection relies on the D6 two-layer model: the runtime enforcement log and the model knowledge package registry, with a queryable traversal path between them. It is the component that distinguishes coherence from standard audit methodology, and the reason coherence is reassessed periodically rather than certified once.

The Governance Coherence Index

The GCI is scored from 0.0 to 1.0 for each dimension, where 1.0 represents full operational coherence: controls exercised at the required frequency and depth, no authority boundary violations, and no measurable drift. Dimensional scores are reported individually to preserve diagnostic value, not collapsed into a single number that hides where the weakness sits.

The GCI modifies the effective certification posture. Strong governance design with poor operational coherence is degraded to reflect operational reality. Designing governance well and not exercising it does not earn the higher tier.

On the scoring mechanics

The method by which the GCI modifies the dimensional scores, the dimensional weighting, the coherence thresholds for each tier, and the calibration tolerances sit in the implementation materials issued to accredited assessors. They are not published. This page describes what coherence measures and why both reads are required.

Evidence and the assessment window

Coherence is graded against the same evidence hierarchy the standard uses throughout. Tier 1, infrastructure-generated, is the most reliable because it is contemporaneous and cannot be retrospectively assembled. Tier 2 is contemporaneous documentation. Tier 3 is reconstructed documentation, acceptable only for the Assessed tier. Tier 4 management representation is excluded from coherence.

Tier	Evidence type	Coherence use
Tier 1	Infrastructure-generated: automated decision logs, enforcement and override records, drift monitoring outputs	Required for Certified across D1, D2 and D6
Tier 2	Contemporaneous documentation: governance meeting records, approval and escalation logs, manual review records	Expected standard for D3, D4 and D5
Tier 3	Reconstructed documentation: assembled retrospectively from available records	Assessed tier only. Not accepted for Compliant or Certified coherence

The minimum coherence assessment window is 180 days, and it must be continuous. Assessors sample governance artefacts across the entire window, not only the period immediately before assessment, checking presence, timeliness and completeness. Where system downtime exceeds 30 cumulative days within the window, the assessor must determine whether the remaining period provides a sufficient basis for a coherence determination.

Evidence reviewed during assessment is held under confidentiality obligations equivalent to financial audit work. Raw operational evidence provided to the assessor is destroyed after assessment under the engagement terms, while the assessment work papers are retained, so that the governance record of the assessment itself is preserved without retaining sensitive operational data. The full evidence record structure is defined in the Evidence Infrastructure Standard.

How a result is reported

Every Compliant and Certified report separates design adequacy findings from operational coherence findings, so that a reader can see not only the result but the basis for it. Each report contains the executive summary, including certification tier, GBI score, GCI scores and scope; the scope and assessment window; the design adequacy assessment with GBI dimensional scores and findings; the governance coherence assessment with GCI dimensional scores and findings; an evidence summary, with the evidence tier used per dimension and gaps noted; findings and observations classified by severity; and the scope limitation and disclaimer.

Every such report carries a standing limitation: certification covers the governance design and operational coherence of the system during the stated window. It does not guarantee future performance or the absence of adverse outcomes, and it is subject to reassessment on the occurrence of a material change event.

Staying current: reassessment triggers

The following events invalidate a coherence assessment and require reassessment before certified status can be maintained.

A material increase in the system's autonomy level, of more than one Autonomy Gradient level
Substitution of a primary AI provider or model
Significant expansion of operational scope beyond the scope assessed
A material incident in which the governance architecture was engaged, tested or found insufficient
Discovery of systematic governance drift identified outside the normal cycle
A government action, including a supply-chain risk designation, affecting the primary AI provider or any material component of the decision supply chain

Organisations must notify their accredited assessor of a triggering event within 60 days of occurrence. Continued use of a certification after a triggering event, without initiating reassessment, is a certification breach.

Where a breach is established, the certification is void from the date of the triggering event, and any reliance placed on it after that date was placed on an invalid signal. The Decision Standards Institute will notify affected institutional parties where it becomes aware of a breach, including insurers, regulators or counterparties known to have relied on the certification. This is what gives the signal its integrity: it can be withdrawn, and reliance can be told that it has been.

Status and limits. A GBI score carries evidential value only when issued by an accredited DSI 001 assessor against the methodology; self-scored or indicative figures are not DSI 001 results. DSI 001 does not determine legal compliance, regulatory approval, insurability, creditworthiness, or the discharge of fiduciary duties. It provides a scoped governance classification and evidence record that may be relevant to those analyses.