What the Function Maintains
Per AI capability: why this tool, why this configuration, why this control — articulated in capability terms, not vendor names.
One-Page Posture Statement Row
As of [date], the function maintains methodology documentation for [N] capabilities, versioned against current model versions.
The Auditor's Question
"Show me why you chose this approach and how you would explain it without naming the vendor."
Editorial Framing
Methodology transparency is Element 2 because it protects the function from vendor lock-in and model drift simultaneously. A function that can describe its methodology in capability terms — not vendor names — can switch vendors without rebuilding the methodology. A function that has versioned its methodology against the current model version knows when drift triggers a re-evaluation.
Evidence Artefacts
- Methodology document per capability
- Version-pinned methodology (mapped to model version)
- Vendor-agnostic capability descriptions
- Configuration record with rationale
Common Failure Modes
- Methodology articulated in vendor-product terms ("we use [vendor]") rather than capabilities
- Methodology unversioned — drift detection becomes impossible
- Configuration rationale undocumented — the team knows but cannot articulate