Governed
Reviews, owners, audits, and evaluations exist.
There is a registry, named owners, change reviews, and evaluations. The controls exist on paper and in process. The hard part is keeping them complete as the agent estate keeps growing.
The organisation can describe how every agent should behave — the remaining gap is between the policy and the running system.
Coverage gaps and control drift. Policies exist, but enforcement lags behind what agents are actually doing.
Add runtime enforcement — policies that block, scope, or escalate at the moment of action, not after the fact.
The six control surfaces
What the controls look like at this stage
Maturity is measured across six control surfaces. Here is where a mature organisation — one sitting at Stage 04 — typically stands on each.
Inventory
Mature: A complete, current registry. Every agent has a purpose, an owner, and a defined scope of access.
Ownership
Mature: Every agent has a named owner accountable for behaviour, change, incident response, and risk acceptance.
Runtime visibility
Mature: Every tool call, data access, and decision is logged, attributable, and visible in real time.
Access control
Mature: Least-privilege scopes granted, narrowed, and revoked without code changes. Agent identity is distinct from user identity.
Evaluations
Mature: Quality, safety, and policy compliance tested continuously in production. Drift and regressions caught automatically.
Governance
Mature: Runtime enforcement — policy that blocks, scopes, or escalates the instant an agent acts.
The move that matters
Advancing to Stage 05 — Production-Ready
You do not skip stages. You close the gap in front of you, and only one control matters most right now.
Add runtime enforcement — policies that block, scope, or escalate at the moment of action, not after the fact.
Stage 04 — Governed, answered.
Short answers for teams placing themselves at the Governed stage of the agent operational maturity curve.
What is Stage 04 (Governed) of the agent maturity model?
There is a registry, named owners, change reviews, and evaluations. The controls exist on paper and in process. The hard part is keeping them complete as the agent estate keeps growing. In short: reviews, owners, audits, and evaluations exist.
What is the main risk at the Governed stage?
Coverage gaps and control drift. Policies exist, but enforcement lags behind what agents are actually doing.
How do you move beyond the Governed stage?
Add runtime enforcement — policies that block, scope, or escalate at the moment of action, not after the fact. That is what takes an organisation from Stage 04 (Governed) to Stage 05 (Production-Ready).