Executive evidence room
The WHPS answer file for governance, ownership, and delivery control.
This hub turns the transformation into a controlled evidence set: RACI, operating model, coding standards, approved tools, product selection, architecture decisions, release gates, EDE certification artifacts, runbooks, risks, and monthly operating packets.
Reviewer cockpit
Owner -> decision -> control -> evidence -> risk
Leadership asks
What are we building, who owns it, when does it release, what value is expected, and what risk remains?
Architecture asks
What are the system boundaries, integration patterns, trust zones, data flows, and decision records?
Security asks
Which tools, models, data classes, certificates, identities, logs, scans, and approvals are controlled?
Consultants ask
Where is the RACI, coding standard, tool registry, product selection matrix, runbook, and audit packet?
Answer control tower
Every question is answered by a policy, procedure, diagram, evidence artifact, and owner.
The maturity standard is simple: no verbal-only answer. If a reviewer asks how WHPS does something, the response points to a controlled artifact, a procedure, an accountable role, a diagram, and current evidence.
| Reviewer question | Policy answer | Procedure answer | Diagram answer | Evidence answer | Decision owner |
|---|---|---|---|---|---|
| What is the overall transformation strategy? | Executive Transformation Charter and portfolio prioritization policy. | Portfolio intake, value scoring, risk tiering, and quarterly roadmap refresh. | Transformation System Map and four-platform mega architecture. | Roadmap, workstream backlog, value ledger, risk register. | Executive Sponsor + Transformation Lead. |
| What is the target architecture? | Target Architecture Standard and domain-service decomposition policy. | Architecture decision record, domain mapping, integration pattern selection, migration bridge validation. | Cloud-native, AI-native Health Plan Platform and Membership Management Target Architecture. | Legacy context translation, API/event catalog, membership model, lineage, parity and decommission evidence. | Architecture Board + Transformation Lead + Product Owners. |
| Are these diagrams legacy, transition, or to-be? | Architecture Artifact Classification Standard: every diagram is labeled as-is, transition, to-be, or control/evidence. | Diagram intake, source validation, lane classification, assumptions review, and artifact promotion. | Architecture Lanes, Legacy Discovery Backlog, and To-Be Diagram Roadmap. | Source diagram register, dependency inventory, target implication log, diagram owner, freshness date. | Architecture Board + Modernization Office. |
| AI-assisted delivery governance | AI Acceptable Use, AI SDLC, model/tool approval, and human oversight policies. | Use-case registration, risk tiering, scoped work execution, eval gate, release packet. | WHPS AI Factory methodology and governance/RACI operating model. | AI inventory, AI BOM, eval report, approval record, monitoring output. | Transformation Lead + AI Review Board target forum. |
| Tool-agnostic delivery model | Model and tool portability policy: approved categories, adapters, data boundaries, exit path. | Model gateway selection, tool gateway approval, replacement test, rollback procedure. | Model-agnostic methodology diagram and approved tool registry view. | Model selection log, adapter decision record, eval comparison, substitution test. | Architecture + Security and Privacy. |
| Product and platform selection | Product selection and architecture decision policy. | Weighted scoring, security review, integration proof, cost review, ADR approval. | Product selection matrix and platform shared-services map. | Scoring worksheet, ADR, TCO, pilot scorecard, risk decision. | Architecture Board + Finance + Product Owner. |
| Regulated data and PHI/PII controls | Data classification, privacy, retention, masking, logging, and access policies. | Data source onboarding, DPIA, access review, RAG ingestion, log redaction, deletion procedure. | Network/security/certificate map and data lineage view. | Data map, lineage record, access matrix, retention decision, audit sample. | Security and Privacy + Data Steward. |
| Release quality proof | Release gate, secure SDLC, test, and exception management policies. | Build verification, test/eval execution, security review, rollback proof, release packet assembly. | Release evidence packet flow and service test harness. | Test output, eval report, scan report, approval, deployment ID, rollback plan. | Transformation Lead + QA/Evaluation + CAB. |
| Exception handling | Risk acceptance and POA&M policy. | Exception request, compensating control review, expiry date, owner assignment, remediation tracking. | Governance/RACI operating model and monthly packet flow. | Risk acceptance form, POA&M row, residual risk statement, approval trail. | Security and Privacy for risk; Executive Sponsor for high residual risk. |
| BrokerLink EDE certification | EDE certification, privacy/security audit, and CMS change-control policy. | NOI, auditor engagement, toolkit evidence, BRA, PIA, SSPP, MARS-E, mini-audit response. | EDE certification control flow and BrokerLink/EDE architecture. | CMS toolkit output, raw evidence, SAR, POA&M, audit response, approval record. | BrokerLink Product Owner + Compliance/Legal. |
| Mainframe modernization without operational disruption | Mainframe migration, dual-run, cutover, rollback, and decommission policies. | Inventory, disposition, facade, parity testing, reconciliation, cutover, decommission ledger. | Mainframe migration factory and strangler architecture. | Dependency graph, parity scorecard, reconciliation report, retired interface proof. | Mainframe Modernization Office + Operations. |
| Post-go-live operations | Operations readiness, incident response, SLO, access review, and runbook policies. | Support acceptance, on-call setup, monitoring, incident triage, certificate rotation, rollback drill. | Runbook matrix and network/security/certificate control map. | Runbook, alert rule, incident record, access review, rotation log, post-incident review. | Ops/Support + Security for sensitive incidents. |
Transformation taxonomy
Products, platforms, control planes, and programs are not the same layer.
This section gives reviewers a precise vocabulary so the AI SDLC Factory does not get confused with a portal product, and the migration program does not get confused with a shared platform service.
Products
ServiceLink Portal, BrokerLink Portal, GroupLink Portal, Contact Center AI
Customer, broker, group, and service-team experiences with product owners, roadmaps, backlog, UAT, and adoption metrics.
Shared platform
IAM, API gateway, service mesh, data services, observability, evidence vault
Reusable technical services used by the products and migration waves. These are governed as platform capabilities, not one-off project utilities.
Target control plane
WHPS AI SDLC Factory, model gateway, tool gateway, AI inventory, release packet
Model-agnostic delivery controls for low-code, pro-code, and multi-agent work. Models and tools are interchangeable behind policy, evaluation, and evidence requirements.
Migration program
Mainframe modernization, dual run, parity proof, decommission ledger
Legacy exit workstream with its own inventory, disposition, facade, data migration, cutover, rollback, and savings capture gates.
Evidence system
RACI, ADRs, standards, tool registry, risk register, POA&M, audit packets
Management evidence that proves decisions, ownership, controls, exceptions, release readiness, and operating performance.
Target operating model
Governance bodies and roles are defined before reviewers ask who approves what.
These bodies should be treated as the target governance structure until formal WHPS approval confirms they are operating. The names align to the source governance framework and the release controls already in the AI SDLC page.
AIGC
Strategy and risk appetite
AI Governance Council
- Chair: Chief AI Officer target role.
- Members: CIO, CTO, CISO, CLO, CCO, CHRO, business leaders.
- Owns AI policy, standards, portfolio risk, executive reporting.
AIRB
Use-case and release review
AI Review Board
- Chair: Responsible AI Program Leader target role.
- Members: AI ethics, compliance, security, data science, legal, SMEs.
- Approves high-risk AI use cases, remediation, monitoring, exceptions.
Release
Architecture, security, QA, CAB
Delivery gate forum
- Architecture, security, privacy, QA, compliance, operations, CAB.
- Reviews release packets, scans, evals, rollback, and residual risk.
- Escalates policy conflicts to AIGC and high-risk use cases to AIRB.
Policy-to-procedure crosswalk
The governance library is organized as enforceable operating controls, not slogans.
Policies define expectations, procedures make them executable, diagrams make them explainable, and evidence packets prove they operated. This keeps the framework independent of any single model, platform, or tool.
| Policy document | Required procedures | Minimum evidence | Mapped framework | Review cadence |
|---|---|---|---|---|
| AI Acceptable Use and Human Oversight Policy | AI use-case intake, prohibited-use review, human approval routing, high-risk escalation. | Use-case record, risk tier, human oversight model, approval or rejection decision. | NIST AI RMF Govern/Map; OWASP LLM authorization and agency risks. | Quarterly or when a new AI capability class is introduced. |
| Model and Tool Portability Policy | Model gateway onboarding, adapter approval, tool gateway registration, substitution test, exit path. | Adapter ADR, model/tool registry row, evaluation baseline, rollback plan, replacement test result. | NIST AI RMF Manage; supplier and third-party risk controls. | Monthly for active pilots; quarterly for approved patterns. |
| Secure SDLC and Coding Standards Policy | Secure design review, code review, dependency review, test execution, accessibility check, release packet. | Change record, review record, CI output, scan output, eval report, approval trail. | NIST SSDF Prepare/Protect/Produce/Respond; secure-by-design practice. | Every release; standards reviewed quarterly. |
| Data Classification, Privacy, and Retention Policy | Data source onboarding, lineage mapping, masking, log redaction, retention, deletion, access review. | Data inventory, lineage record, DPIA/privacy review, access matrix, retention decision. | NIST AI RMF Map/Measure; privacy/security audit expectations. | Every new data source and quarterly access recertification. |
| Prompt, Retrieval, and Knowledge Governance Policy | Prompt versioning, source approval, RAG ingestion, citation testing, freshness review, unsafe-output handling. | Prompt record, source registry, retrieval eval, citation trace, knowledge backlog item. | OWASP LLM prompt injection, sensitive disclosure, misinformation, and supply-chain risks. | Every prompt/source change and monthly knowledge-quality review. |
| Architecture Decision and Product Selection Policy | Option scoring, architecture review, security/privacy review, cost review, ADR approval, exception routing. | Decision matrix, ADR, risk assessment, TCO, pilot results, signoff. | Enterprise architecture decision records and portfolio governance. | Every material platform decision; annual portfolio refresh. |
| Release, Change, and Exception Policy | Release readiness, gate review, rollback validation, exception request, POA&M tracking, post-release review. | Release packet, failed-gate record, exception approval, rollback proof, monitoring output. | NIST SSDF Respond; change-management and operating-risk controls. | Every release and monthly exception review. |
| EDE Certification and CMS Oversight Policy | CMS onboarding, audit engagement, toolkit evidence, privacy/security audit, BRA, mini-audit response. | NOI, auditor record, toolkit outputs, PIA, SSPP, SAR, POA&M, approval record. | CMS EDE audit and direct-enrollment oversight expectations. | Per CMS audit cycle and every EDE-impacting release. |
| Mainframe Migration and Decommission Policy | Inventory, dependency graph, disposition, dual-run, reconciliation, cutover, rollback, retirement proof. | Wave plan, parity scorecard, reconciliation report, support acceptance, decommission ledger. | Modernization factory, strangler, anti-corruption, and cutover runbook patterns. | Every migration wave and monthly savings review. |
| Operations Readiness and Incident Response Policy | Runbook creation, SLO definition, alert setup, access review, incident triage, post-incident review. | Runbook, SLO dashboard, incident record, communication log, corrective action, closure evidence. | NIST AI RMF Manage; secure operations and resilience controls. | Every go-live, monthly operating review, and after incidents. |
Control maturity model
Five levels of evidence maturity for the transformation.
This gives leadership a defensible view of current operating controls, target controls, and the evidence required to move from one maturity level to the next.
Level 0
Unstated
No artifact, no owner, no decision record. Verbal explanation only. Not acceptable for release.
Level 1
Documented
Policy or strategy exists, but procedure, evidence, and cadence are not yet proven.
Level 2
Proceduralized
Procedure, RACI, required artifacts, and approval path are defined and repeatable.
Level 3
Evidence-backed
Procedure has operated on a real release, audit packet, migration wave, or incident.
Level 4
Measured
Controls produce trend data: failures, exceptions, cycle time, incidents, drift, value, and remediation.
Level 5
Assured
Independent review, audit sampling, executive signoff, and continuous improvement close the loop.
Consultant-proof document library
The document set reviewers will ask for before they believe the program is controlled.
Each artifact has a reason to exist, a named owner pattern, and a clear release implication. The evidence hub presents the full control catalog instead of forcing leaders to invent answers live.
Executive Transformation Charter
- Sponsor intent, scope, success metrics, funding logic.
- Workstreams: portals, Contact Center AI, AI SDLC, mainframe.
- Decision rights and escalation path.
Operating Model
- AI Governance Council, AI Review Board, architecture review.
- Weekly product, architecture, and release gate cadence.
- Operations, incident, support, and value governance.
RACI Matrix
- Accountability by artifact, phase, and release gate.
- Executive, product, architecture, engineering, security, QA.
- One accountable owner per decision row.
AI SDLC Methodology
- Intake, risk tiering, design, build, eval, release, monitor.
- Model gateway, prompt registry, tool gateway, scoped agents.
- Evidence packet and rollback controls.
Coding Standards
- Secure coding, tests, accessibility, API contracts.
- AI-generated code review, dependency hygiene, change evidence.
- Low-code and pro-code release expectations.
Approved Tools Registry
- Approved, restricted, pilot, and prohibited tool categories.
- Allowed data classifications and PHI/PII restrictions.
- Owner, review date, audit log, exception path.
Product Selection Matrix
- Evaluation criteria, scoring, options considered, rationale.
- Build, buy, partner, and target-state recommendation.
- Architecture, security, finance, and product approval.
Architecture Decision Records
- Context, options, decision, tradeoffs, status, consequences.
- Linked diagrams, risks, owners, and superseded decisions.
- Prevents relitigating approved platform choices.
Target Architecture Library
- L0 executive, L1 system, L2 workflow, L3 control diagrams.
- Trust zones, ports, endpoints, certificates, and dependencies.
- Stakeholder-specific diagram usage guide.
Platform Evidence Register
- ClaimsLink, MarketLink, GroupLink, ReconLink, and Prior Auth surfaces.
- Launch URLs, local proof paths, videos, and pending evidence gaps.
- MarketLink evidence showcase connects live products to strategy, roadmap, and audit readiness.
Security Controls Catalog
- IAM, RBAC, mTLS, encryption, secrets, WAF, SIEM, scans.
- Threat modeling, vulnerability handling, incident control.
- Mapped to release and operating evidence.
Data Governance and Lineage
- Data domains, stewards, source of record, retention.
- Test data, masking, reconciliation, consent/AOR evidence.
- RAG source freshness and deletion rules.
EDE Certification Evidence Hub
- CMS onboarding, API tests, RIDP, PIA, SSPP, MARS-E.
- Business Requirements Audit and raw toolkit evidence.
- Mini-audit, approval, go-live, and change trace.
Risk Register and POA&M
- Risk ID, owner, impact, mitigation, due date, residual risk.
- EDE, privacy, model, migration, finance, and operational risks.
- Linked evidence and exception decisions.
Release Gates and Evidence Packets
- Gate criteria by risk tier and workstream.
- Tests, evals, scans, approvals, rollback, deployment ID.
- Immutable packet for audit, CAB, and executive review.
Runbooks and Operational Readiness
- Deploy, rollback, outage, incident, certificate rotation.
- CMS/EDE outage, contact center failover, mainframe dual run.
- On-call, escalation, and support acceptance.
Financial Value Ledger
- Baseline cost, investment, savings, adoption, and value owner.
- Mainframe decommission, contact center productivity, run-cost.
- Monthly value review and variance explanation.
Procedure catalog
Repeatable procedures for controlled execution.
Each procedure is designed to be tool-agnostic. The procedure defines required inputs, steps, approvals, outputs, and evidence. Any approved tool must conform to the procedure, not the other way around.
| Procedure | Trigger | Required steps | Outputs | Blocked if missing |
|---|---|---|---|---|
| AI use-case intake and risk tiering | Any new AI-enabled product, workflow, agent, model, prompt, or automation. | Register owner, intended use, data classes, user impact, autonomy, reversibility, and oversight model. | AI inventory row, risk tier, required controls, release gate checklist. | AI work cannot enter production pilot. |
| Model and adapter onboarding | New model class, runtime, provider, adapter, or material version change. | Define purpose, data boundary, latency/cost target, eval suite, fallback path, and retirement plan. | Model gateway record, adapter ADR, eval baseline, rollback decision. | Model cannot be used for regulated or customer-impacting flows. |
| Tool gateway approval | Any agent, automation, or delivery workflow needs tool access. | Classify tool, define scope, allowed data, identity, egress, logging, expiry, and exception owner. | Approved tool registry row, tool-call trace requirement, access review date. | Tool cannot access WHPS workspaces, data, or release paths. |
| Architecture decision record | Material decision on product, platform, integration, data, AI, security, migration, or operations. | Capture context, options, criteria, decision, tradeoffs, risks, consequences, status, owner. | ADR, linked diagram, risk update, implementation guardrails. | Architecture review cannot approve the decision. |
| Data source onboarding | New source feeds a portal, RAG store, analytics product, AI workflow, or service test. | Assign steward, classify data, map lineage, retention, masking, freshness, access, logging, deletion. | Data inventory, lineage map, access matrix, privacy review, source freshness test. | Source cannot be used for production AI or customer-facing decisions. |
| Prompt and retrieval change control | Prompt, instruction set, retrieval corpus, ranking, citation, or guardrail changes. | Version change, run regression, prompt-injection, grounding, refusal, citation, and unsafe-output tests. | Prompt record, retrieval eval, citation trace, approved source list, rollback version. | AI suggestion or answer automation cannot be promoted. |
| Secure build and change review | Material code, configuration, infrastructure, workflow, or data pipeline change. | Review requirements trace, secure design, code review, tests, scans, accessibility, dependency evidence. | Change record, review record, build output, test/eval report, scan report. | Release gate packet cannot be assembled. |
| Release packet assembly | Any release candidate for portal, AI workflow, EDE capability, migration wave, or service automation. | Collect scope, risks, test output, eval output, scan output, approvals, rollback, monitoring, support. | Immutable release packet, deployment ID, rollback plan, monitoring link, exception list. | CAB or release gate cannot approve production promotion. |
| Exception and POA&M management | Failed control, deferred remediation, temporary acceptance, audit finding, or operational risk. | Record issue, owner, severity, compensating control, expiry, remediation date, residual risk approval. | Exception record, POA&M row, residual risk statement, closure evidence. | High-risk exception cannot proceed without named approval. |
| EDE certification evidence assembly | BrokerLink EDE release, CMS audit cycle, toolkit update, or privacy/security control change. | Package toolkit output, screenshots, API traces, BRA mapping, PIA, SSPP, SAR, POA&M, training proof. | Certification evidence binder, audit response, remediation plan, approval status. | EDE go-live or material change cannot proceed. |
| Mainframe migration wave control | New wave moves or retires mainframe transaction, batch, data, or file responsibility. | Inventory, dependency graph, disposition, facade, data mapping, dual-run, parity, cutover, rollback. | Wave packet, parity scorecard, reconciliation, support acceptance, decommission ledger. | Cutover cannot proceed and savings cannot be counted. |
| Operational readiness and support acceptance | Any production-facing release or new operational dependency. | Confirm runbook, SLOs, alerts, on-call, access, incident path, backup/restore, support training. | Ops readiness checklist, support signoff, runbook, alert evidence, escalation tree. | Broad rollout cannot proceed. |
| Incident response and post-incident review | Security, privacy, AI safety, customer impact, EDE, outage, data quality, or migration incident. | Classify, contain, preserve evidence, notify roles, remediate, communicate, review, update controls. | Incident record, timeline, root cause, corrective actions, evidence archive, policy update. | Incident cannot close without corrective-action ownership. |
| Monthly governance and value review | Monthly operating cycle and executive steering review. | Aggregate releases, risks, exceptions, incidents, EDE status, migration waves, adoption, cost, value. | Monthly operating packet, value ledger, risk heatmap, decisions needed, next-month control plan. | Executive status cannot be presented as evidence-backed. |
RACI matrix
Decision rights across products, AI SDLC, security, compliance, and operations.
R = Responsible, A = Accountable, C = Consulted, I = Informed. Each row has exactly one accountable owner so the program does not diffuse responsibility when pressure arrives.
| Decision / artifact | Executive Sponsor | Transformation Lead | Product Owners | Architecture | Engineering | Security & Privacy | Compliance / Legal | QA / Evaluation | Ops / Support | Finance / PMO |
|---|---|---|---|---|---|---|---|---|---|---|
| Transformation charter, scope, funding, and success metrics | A | R | C | C | I | C | C | I | I | R/C |
| ServiceLink, BrokerLink, GroupLink, Contact Center AI product scope | C | A | R | C | C | C | C | C | I | I |
| Target architecture, platform patterns, ADR approval | I | C | C | A/R | C | C | C | I | C | I |
| AI use-case intake, risk tier, model/tool/data registration | I | A | R | C | C | C | C | C | I | I |
| Approved tools, model gateway policy, data handling exceptions | I | C | C | C | C | A/R | C | I | C | I |
| Coding standards, branch policy, test policy, AI-generated code review | I | C | C | C | A/R | C | I | C | I | I |
| Release gate packet: tests, evals, scans, approvals, rollback | I | A | R/C | C | R | C | C | R | C | I |
| EDE certification package, BRA evidence, CMS audit response | I | A | R | C | R/C | R/C | C | R/C | I | I |
| Mainframe migration wave readiness, dual run, cutover, decommission | C | A | C | R/C | R | C | I | R/C | R/C | C |
| Production incident response, rollback, customer impact communication | I | A | C | C | R/C | C | C | C | R | I |
| Monthly operating packet, value ledger, risk register, POA&M | A | R | R/C | C | I | C | C | C | C | R/C |
Diagram answer library
Which diagram answers which architecture, governance, security, and operations question.
The site should never rely on one giant picture for every audience. These diagram views are the standard meeting answers, with a defined audience and the evidence each diagram must connect to.
| Question pattern | Diagram to use | Depth | Evidence it must link to | Follow-up artifact |
|---|---|---|---|---|
| What are the major platforms and how do they connect? | ServiceLink, BrokerLink, GroupLink, and Contact Center AI Mega Architecture. | L1 system | Endpoint inventory, API gateway controls, source-system dependency map. | Target Architecture Library and product one-page briefs. |
| What work is actually underway right now? | Current Work and Proof Points. | L0 leadership / L1 product | GroupLink current/future state, BrokerLink / MarketLink evidence, audit path, staff realignment, replication model. | Current Work |
| What is the cloud-native, AI-native target state? | Cloud-Native, AI-Native Health Plan Platform. | L1 system | Target architecture statement, domain-service map, integration patterns, AI control-plane evidence. | Legacy context translation and to-be architecture ADR. |
| How does the membership management system work in the target state? | Membership Management Target Architecture. | L1 system / L2 workflow | Canonical member model, API/event catalog, coverage lineage, billing and reconciliation controls. | Membership service catalog and data lineage record. |
| Which legacy diagrams do we still need? | Legacy Discovery Backlog. | L0/L1 current-state | Application inventory, interface catalog, data store map, batch/file flow, security-zone map, operations flow. | Current-state discovery packet and dependency register. |
| What is the sourced Wipro Links / HPS current-state environment? | Wipro Links / HPS Current-State Platform Map. | L1 current-state | Wipro Links Platform Design and Architecture, AWS kickoff, ServiceLink, ExchangeLink, EMC, DataPower, MQFTE, PingFederate, PaySafe/Fiserv, DB2/MSSQL/MySQL. | Current-state baseline |
| How do AWS discovery outputs become migration decisions? | AWS Transform Discovery to WHPS Wave Factory. | L2 workflow | Native source offload, runtime evidence, MRA gaps, call/data/batch/interface graphs, wave scoring, parity gates, decommission ledger. | Discovery-to-wave factory |
| Which integration pattern applies to each dependency? | WHPS Integration Pattern Catalog. | L2 workflow / L3 control | API, event, MQ, EDI, SFTP/MQFTE, DB, batch, print, payment, CRM, CMS/FFM, carrier dependency inventory. | Interface dependency register and architecture pattern ADRs. |
| Which to-be diagrams are required? | To-Be Diagram Roadmap. | L1/L2/L3 target-state | Target platform L1, membership domain, network/security, integration fabric, data lineage, AI control plane, SRE operations. | Target Architecture Library and diagram production plan. |
| How does AI delivery work without tying the program to a single tool? | WHPS AI Factory Model-Agnostic Methodology. | L2 workflow | AI inventory, model gateway log, tool gateway trace, eval report. | AI SDLC Methodology and approved tools registry. |
| How are governance bodies, RACI, evidence, and monthly packets connected? | Governance, RACI, and Evidence Operating Model. | L2 workflow | RACI matrix, release packet, risk register, POA&M, value ledger. | Operating model and monthly evidence packet. |
| How do we answer predictable consultant document requests? | Consultant Artifact Response Map. | L0 context | Artifact library, policy crosswalk, procedure catalog. | Reviewer question map and document control index. |
| How does BrokerLink handle EDE and CMS certification? | EDE Certification Control Flow and BrokerLink/EDE Portal Architecture. | L2 workflow / L1 system | CMS toolkit output, PIA, SSPP, SAR, POA&M, BRA evidence. | EDE certification evidence hub. |
| What are the security zones, ports, certificates, and partner boundaries? | Network, Security, and Certificate Control Map. | L3 control | Certificate inventory, firewall policy, mTLS evidence, SIEM correlation IDs. | Security controls catalog and certificate rotation runbook. |
| How does Contact Center AI stay accountable? | Contact Center AI Operating Architecture and Omnichannel Service Experience Test Harness. | L1 system / L3 control | Transcript, citations, agent approval, QA score, CRM staged writeback. | Contact Center AI readiness packet and service test evidence. |
| Is Contact Center AI only a voice-call solution? | Omnichannel Contact Center AI Architecture and Service Experience Test Harness. | L1 system / L2 workflow | Channel inventory, identity/consent policy, normalized transcript/message record, routing log. | Omnichannel service validation packet. |
| How is PHI/ePHI protected when AI assists service work? | AI Contact Center Security and Compliance Control Plane. | L3 control | Data-classification decision, redaction log, model gateway trace, audit record, SIEM correlation ID. | PHI boundary SOP, AI red-team report, and compliance crosswalk. |
| How do mainframe migration waves avoid service disruption? | Mainframe Migration Factory. | L2 workflow | Dependency graph, parity scorecard, reconciliation, rollback, decommission ledger. | Mainframe migration evidence packet and cutover runbook. |
Contact Center AI compliance packet
Documents, procedures, and evidence reviewers will ask for.
The new security and compliance source material is captured here as an evidence-ready artifact map. It keeps the Contact Center AI story tool-agnostic: the enforced controls are architecture, policy, procedure, evidence, and approval gates.
| Artifact | What it answers | Minimum contents | Primary owner |
|---|---|---|---|
| AI Contact Center Security Architecture | Where data flows, where AI runs, and which boundaries protect member data. | Omnichannel ingress, zero trust, RBAC, private runtime boundary, secure RAG, API/tool gateway, CRM, audit, monitoring. | Architecture / security |
| PHI/ePHI Data Boundary SOP | How protected data is classified, minimized, redacted, logged, and retained. | Data classes, allowed fields, prompt-context policy, redaction rules, retention, exception handling, breach escalation. | Privacy / security |
| Secure RAG Source Control Procedure | How the system prevents uncited, stale, or unauthorized answers. | Approved repositories, source freshness, retrieval threshold, citation requirement, knowledge-gap workflow, source-owner signoff. | Knowledge owner / QA |
| Human Approval and CRM Writeback Procedure | Who approves customer-facing answers and system-of-record updates. | Approval UI, edit reason, staged payload, blocked action types, rollback handling, QA sampling, audit trail. | Service operations / product |
| Monitoring, Audit, and AI Incident Runbook | How suspicious AI behavior, data leakage, hallucination, drift, or service impact is detected and handled. | SIEM events, 24/7 monitoring, correlation IDs, incident severity, escalation bridge, replay packet, POA&M linkage. | SRE / security operations |
| AI Red-Team and Penetration Test Procedure | How prompt injection, data exfiltration, excessive agency, unsafe outputs, and access-control issues are tested. | OWASP LLM scenarios, secure SDLC gates, penetration-test schedule, remediation SLA, retest evidence. | Security / QA |
| Compliance Crosswalk | Which controls align to external expectations and how evidence is assembled. | HIPAA Security Rule safeguards, NIST 800-53, NIST AI RMF, NIST SSDF, OWASP LLM, CMS/EDE/MARS-E where applicable, SOC 2, HITRUST, PCI where applicable. | Compliance / risk |
Coding standard document
Engineering rules for low-code, pro-code, and AI-assisted delivery.
The public process is the WHPS AI SDLC Factory. It is not a proprietary coding tool. Every delivery method must leave testable, reviewable, secure, and supportable artifacts.
| Standard area | WHPS requirement | Evidence artifact | Release gate |
|---|---|---|---|
| Repository and branch hygiene | Work happens in tracked branches or isolated worktrees; changes must be reviewable and scoped to the workstream. | Branch, change record, commit message, changed-file summary, reviewer notes. | No unreviewed high-risk change reaches release. |
| Secure coding | Input validation, output encoding, secrets isolation, least privilege, no PHI/PII in logs, dependency review, and threat-model updates for risky flows. | SAST, dependency scan, threat model, secrets scan, security review record. | Blocks production for customer, EDE, PHI, payment, or identity flows. |
| API and integration contracts | Versioned contracts, explicit error handling, correlation IDs, timeout/retry policy, idempotency where needed, and backward-compatible changes. | OpenAPI/schema, contract tests, trace sample, consumer signoff. | Blocks release if critical consumers cannot test or rollback. |
| Testing and evaluation | Unit, integration, accessibility, regression, service replay, AI grounding, prompt-injection, and parity tests according to risk tier. | CI report, AI eval report, service replay transcript, parity scorecard. | Failed risk-tier tests block release or require named exception. |
| AI-generated code and content | AI output is treated as untrusted until reviewed, tested, scanned, and tied to source requirements. Prompts, model class, tool calls, and approvals are recorded when material. | AI BOM, prompt/tool trace, review notes, eval results, approval record. | High-risk AI output requires human approval and rollback plan. |
| Accessibility and usability | Customer and operator surfaces use semantic HTML, readable typography, keyboard paths, contrast, and responsive layouts. | Accessibility check, visual QA screenshot, defect list, remediation status. | Blocks external portal release when core workflow is inaccessible. |
| Documentation | Every material release updates architecture, runbook, ADR, risk, evidence packet, and support notes as applicable. | ADR, runbook, release packet, support handoff, knowledge article. | Blocks broad rollout when operations cannot support the change. |
Approved tools list
Tooling is governed by class, data boundary, and evidence requirement.
This registry avoids vendor lock-in language. WHPS approves categories, controls, and adapter patterns; the model gateway selects the best fit under policy, cost, security, and performance constraints.
| Tool category | Status | Allowed use | Data boundary | Owner | Evidence required |
|---|---|---|---|---|---|
| WHPS AI SDLC Factory orchestration | Approved pattern | Planning, coding, testing, documentation, diagram generation, release packets. | Repo and workspace scope only; PHI/PII requires approved private runtime. | Engineering + Architecture | AI inventory, tool trace, change record, evals, release packet. |
| Model gateway and adapter registry | Approved pattern | Select interchangeable models by risk tier, latency, cost, context, and data policy. | No direct model sprawl; models enter through gateway policy. | Architecture + Security | Model selection log, version, eval, rollback option. |
| Portal development platform | Approved pattern | ServiceLink, BrokerLink, GroupLink front-end and BFF delivery. | SSO/IAM, API gateway, no secrets in client code. | Engineering | Build, SAST, dependency, accessibility, API contract tests. |
| Contact center AI platform adapters | Pilot controlled | Agent assist, transcript, RAG, summarization, QA, CRM staging. | Read-only tool gateway first; PHI handling only in approved runtime. | Product + Security + Ops | Call replay, citations, agent approval, QA score, incident path. |
| EDE / CMS integration toolkit | Certification gated | BrokerLink EDE API integration, test kits, audit samples, evidence packaging. | CMS/EDE boundary, RIDP, mTLS, audit logging, geo/security controls. | Product + Compliance | API toolkit output, BRA evidence, PIA, SSPP, MARS-E mapping. |
| Mainframe modernization tooling | Target pattern | Inventory, code analysis, dependency graph, transformation candidates, parity testing. | Legacy code/data access via controlled workspace and redacted extracts. | Architecture + Engineering | Inventory, dependency graph, disposition, dual-run parity, decommission ledger. |
| Engineering and compliance automation | Controlled set | CI/CD, SAST, DAST, accessibility automation, service virtualization, observability, AIOps. | Tool access is role-based; security findings and logs are retained. | Engineering + Security + Ops | Pipeline report, scan report, exception owner, remediation SLA. |
| Unregistered public AI tools | Prohibited | No production code, PHI, PII, member, broker, group, EDE, claims, or financial data. | Not approved for WHPS data or production delivery artifacts. | Security | Exception cannot proceed without AIRB/security approval. |
Product selection
Decision matrix for selecting platforms, models, services, and partners.
This gives procurement, architecture, finance, and security a consistent way to ask hard questions without turning every tool choice into a new philosophical debate.
| Criterion | Weight | What must be proven | Evidence | Decision implication |
|---|---|---|---|---|
| Security, privacy, and compliance fit | 25% | HIPAA/PHI posture, EDE readiness, encryption, logging, IAM, data residency, audit support. | Security review, DPA/BAA as applicable, architecture controls, audit evidence. | Cannot be overridden by lower cost for regulated flows. |
| Integration fit | 18% | API compatibility, event support, SSO, mainframe coexistence, CRM, CMS/EDE, data contracts. | Reference integration, contract test, endpoint and port matrix. | Low integration fit triggers facade or adapter plan. |
| Functional capability | 17% | Portal capability, contact center AI quality, workflow support, model performance, operations features. | Demo, pilot scorecard, UAT, service replay, eval suite. | Must satisfy release-critical workflows before scale. |
| Portability and model/tool interchangeability | 12% | Standards-based APIs, adapter boundary, exportability, no hard-coded model/tool dependency. | ADR, adapter tests, rollback and substitute-provider path. | Direct lock-in requires explicit ADR and exit plan. |
| Operateability and support | 10% | SLOs, monitoring, runbooks, incident response, certificate rotation, deployment automation. | Ops readiness checklist, on-call plan, SIEM/traces, support acceptance. | Blocks production if support cannot own it. |
| Total cost and value | 10% | License, implementation, run cost, migration cost, decommission savings, productivity impact. | TCO model, value ledger, finance review, variance tracking. | Cost must map to value pool and owner. |
| Vendor and delivery risk | 8% | Vendor viability, roadmap, contract terms, support model, skills availability, implementation risk. | Risk register, procurement review, reference checks, fallback plan. | High risk needs mitigation and executive acceptance. |
Monthly evidence packet
One packet that satisfies leadership, engineering, security, audit, and operations.
The monthly packet is the management control artifact. It compresses delivery status, risk, approvals, incidents, cost, and release evidence into a format that can survive audit sampling.
Packet header
Ownership
Required fields
- Workstream and release ID.
- Owner, accountable executive, risk tier.
- Target users and impacted systems.
- Current status, blocked gates, exception owner.
Evidence body
Controls
Required proof
- Architecture record, ADRs, threat model.
- CI output, AI evals, accessibility and security scans.
- UAT, parity, service replay, citations, approvals.
- Rollback plan, deployment ID, monitoring dashboard.
Operating view
Decision
Leadership output
- Go, hold, remediate, or accept exception.
- Incidents, SLOs, drift, cost, adoption, value.
- Open risks and POA&M updates.
- Next decision needed and accountable owner.
Document control procedure
Every policy, procedure, diagram, and evidence packet has ownership and freshness rules.
This prevents the evidence hub from becoming a static deck. Reviewers can see which artifacts are controlled, how they are updated, and when stale evidence must be refreshed.
| Artifact class | Control fields | Freshness rule | Approval path | Archive / retention |
|---|---|---|---|---|
| Policy | Policy ID, owner, scope, effective date, review date, mapped procedures, exceptions. | Review quarterly or when regulation, risk tier, platform boundary, or data class changes. | Owner drafts; Security/Privacy/Legal/Compliance review; executive approval for high-risk policy. | Retain superseded versions with decision log and effective-date history. |
| Procedure | Procedure ID, trigger, inputs, steps, outputs, RACI, system of record, evidence required. | Refresh after every failed gate, incident, audit finding, or material workflow change. | Procedure owner approves; affected Product/Ops/Security roles consulted. | Retain prior version for release trace and audit reconstruction. |
| Architecture diagram | Diagram ID, audience, depth, owner, source assumptions, linked ADRs, linked evidence. | Refresh when system boundary, integration, endpoint, certificate, data flow, or release gate changes. | Architecture owner approves; Security/Ops/Product consulted for impacted boundaries. | Archive with the ADR or release packet that used the diagram. |
| Release evidence packet | Release ID, workstream, risk tier, scope, tests, evals, scans, approvals, rollback, monitoring. | Created for every material release; updated if release is held, rolled back, or remediated. | Product, Engineering, QA, Security/Privacy, Ops, CAB or release forum. | Immutable after release decision; append remediation and incident addenda. |
| Audit or certification binder | Audit period, control owner, test case, evidence path, finding, remediation owner, closure date. | Refresh per audit cycle and when a related release changes the control surface. | Compliance owner coordinates; Legal/Security/Product approve submission package. | Retain raw evidence and submitted package separately for traceability. |
| Monthly operating packet | Month, owner, releases, risks, exceptions, incidents, EDE status, migration waves, value metrics. | Monthly; late evidence is listed as a gap with owner and recovery date. | Transformation Lead approves; Executive Sponsor reviews decisions and escalations. | Retain packet snapshots to show trend, not just current status. |
EDE certification hub
BrokerLink EDE evidence is treated as a controlled certification package.
The EDE path has its own evidence standards because CMS-facing enrollment, identity proofing, audit, and consumer data flows require more than normal portal UAT.
Onboard
NOI and CMS interview
Record partner intent, scope, contacts, planned API coverage, and certification assumptions.
Integrate
CMS Hub and RIDP
Implement mTLS/API access, RIDP/Experian flow, correlation IDs, and endpoint-level logging.
Test
API and UI toolkits
Package raw JSON/XML, screenshots, pathway outcomes, error handling, and FFM logic parity.
Audit
PIA, SSPP, MARS-E, BRA
Map privacy, security, business requirements, vulnerability evidence, and remediation.
Approve
Mini-audit and go-live
Submit evidence, resolve findings, confirm production controls, and record approval state.
Operate
Continuous change control
Track API changes, incidents, releases, cert rotation, training, and annual audit readiness.
Runbooks and readiness
Operational documents that stop "who owns this in production?" from becoming a crisis.
Every production release needs an operational owner, monitoring path, rollback procedure, escalation tree, and support acceptance record.
| Runbook | Scope | Required content | Primary owner | Trigger |
|---|---|---|---|---|
| Portal deployment and rollback | ServiceLink, BrokerLink, GroupLink | Deploy steps, release ID, feature flags, rollback, cache, smoke tests, support notice. | Engineering + Ops | Every portal release. |
| Contact Center AI fail-closed path | Agent assist and service automation | Disable AI suggestions, route to human workflow, preserve transcript, notify QA and knowledge owners. | Ops + Product | Grounding failure, high-severity incident, policy breach. |
| EDE outage and CMS partner incident | BrokerLink EDE | CMS status check, RIDP/API error handling, member/broker communication, evidence capture. | Product + Compliance + Ops | CMS, RIDP, mTLS, or enrollment transaction failure. |
| Certificate and secret rotation | Gateway, mesh, EDE, mainframe adapters | Inventory, expiry, rotation window, verification, rollback, SIEM correlation, exception owner. | Security + Ops | Planned rotation or suspected exposure. |
| Mainframe dual-run and cutover | Modernization waves | Consumer inventory, parity thresholds, reconciliation, batch restart, rollback, decommission evidence. | Architecture + Engineering + Ops | Wave readiness and production cutover. |
| AI model/tool incident response | AI SDLC Factory and deployed AI use cases | Containment, kill switch, prompt/model rollback, data exposure triage, AIRB notification, POA&M. | Security + Transformation Lead | Harmful output, data leak, unsafe tool action, drift breach. |
Reviewer question map
When someone asks for the document, point them to the artifact and the answer.
This is the live meeting index. It turns broad consultant questions into a concrete artifact path.
| Question they ask | Primary artifact | Short answer | Drilldown route |
|---|---|---|---|
| Who owns decisions and approvals? | RACI Matrix + Operating Model | Each workstream and release gate has one accountable owner with responsible, consulted, and informed roles mapped. | RACI and artifact library |
| What is the AI SDLC process? | AI SDLC Methodology + Release Gates | Use cases enter inventory, risk tiering, model/tool policy, evals, evidence packets, human approval, monitoring, and incident response. | AI SDLC |
| What are the real proof points that this capability is working? | Current Work and Proof Points | GroupLink shows the prior-to-modernization platform story; BrokerLink / MarketLink shows secure greenfield delivery, remediation evidence, independent assessment path, and ControlFrame-style evidence collection. | Current Work / Evidence showcase |
| Where can we show the actual platforms we have built? | Platform Showcase + Product Evidence Register | ClaimsLink, MarketLink, GroupLink, ReconLink, Prior Auth, and the presentation shell are listed as proof surfaces with launch links, status, and next evidence needed. | Platforms |
| What is happening with staff realignment? | AI-Native Operating Model | Staff move into product ownership, platform architecture, secure engineering, QA automation, evidence control, operations, and SME validation roles. | Staff realignment |
| Model and tool portability | Model Gateway + Tool Registry | No. Models, tools, and agents are interchangeable behind WHPS policy, adapter, eval, logging, and release controls. | Approved tools |
| Product and platform selection basis | Product Selection Matrix + ADRs | Selections are scored by security, integration, capability, portability, operability, value, and vendor risk. | Product selection |
| Where is the architecture? | Target Architecture Library + Diagram Catalog | The site includes L0, L1, L2, and L3 diagrams for leadership, architecture, engineering, security, operations, QA, and finance. | Architecture and Diagram Studio |
| What is the target architecture? | Cloud-Native, AI-Native Health Plan Platform | ServiceLink, BrokerLink, GroupLink, and Contact Center AI are product experiences on shared identity, API/event, membership, enrollment, billing, data, AI-control, security, and evidence services. | To-be architecture |
| Legacy diagram translation into target architecture | Architecture Source Translation | The Word diagrams are legacy/current-state context. They are used for capability and dependency signals; old implementation technologies are migration dependencies, not target-state design choices. | Source translation |
| What did the Wipro Links architecture deck actually prove? | Wipro Links / HPS Current-State Platform Map | It proves the current state includes HPS and PCI zones, ServiceLink, ExchangeLink, EMC, DataPower, MQ/MQFTE, PingFederate SAML, PaySafe/Fiserv, DB2, MSSQL, MySQL, reporting, documents, communications, and file transfer. | Current-state platform map |
| What did AWS discovery quantify? | AWS Discovery Baseline | AWS quantified 9.55M in-scope LOC, 6,628 MIPS, 15-20 apps, 18 TB DB environment, 41K DB IOPS, 168h OLTP, 140h batch, COBOL/JCL/DB2 artifacts, scheduler, RACF, Control-M/IWS, and required source intake. | AWS discovery baseline |
| How do discovery results become a funded migration wave? | AWS Transform Discovery to WHPS Wave Factory | Discovery produces source completeness, call/data/batch/interface graphs, MRA gaps, candidate domains, wave scores, parity gates, rollback conditions, and a decommission ledger before leadership funds cutover. | Wave factory |
| Additional diagrams required for architecture completion | Legacy Discovery Backlog + To-Be Diagram Roadmap | Additional as-is diagrams cover inventory, interfaces, data stores, batch/file flows, security zones, and operations; to-be diagrams cover platform, membership, network/security, data, AI, SRE, and migration. | Diagram roadmap |
| How will EDE be certified? | EDE Certification Evidence Hub | BrokerLink EDE readiness is packaged with CMS onboarding, API/UI toolkits, RIDP, PIA, SSPP, MARS-E, BRA, mini-audit, and change control. | EDE evidence |
| Release quality proof | Monthly Evidence Packet + Release Gates | Every material release carries tests, evals, scans, approvals, rollback, deployment ID, monitoring, and exception status. | Evidence packet |
| What happens in production? | Runbooks + Operations Readiness | Runbooks cover deploy, rollback, fail-closed AI, EDE incidents, certificate rotation, mainframe cutover, and AI incident response. | Runbooks |
| How do we know value is real? | Financial Value Ledger | Value is tracked by baseline, run cost, adoption, productivity, decommission savings, owner, and monthly variance explanation. | Financials |
| Where is the policy that governs this? | Policy-to-Procedure Crosswalk | Each policy maps to required procedures, minimum evidence, framework mapping, and review cadence. | Policy crosswalk |
| How exactly is the procedure executed? | Procedure Catalog | Every procedure lists trigger, required steps, outputs, and what is blocked if evidence is missing. | Procedure catalog |
| Which diagram should be used in this meeting? | Diagram Answer Library | Diagram usage is mapped by question pattern, audience depth, evidence linkage, and follow-up artifact. | Diagram answer library |
| How are policies, procedures, and diagrams kept current? | Document Control Procedure | Artifacts have owners, freshness rules, approval paths, retention rules, and stale-evidence handling. | Document control |
| Data lineage, source freshness, and RAG evidence | Data Governance + Prompt/Retrieval Governance | Data source onboarding, lineage, retention, masking, source approval, citation testing, and freshness review are required before production use. | Policy crosswalk |
| Model and tool replacement | Model and Tool Portability Policy | The framework requires adapter records, baseline evals, substitution tests, rollback paths, and exit plans. | Procedure catalog |
| Audit finding and failed-control closure | Exception + POA&M Procedure | Findings get an owner, severity, compensating control, due date, residual risk approval, and closure evidence. | Procedure catalog |
| What maturity level are these controls really at? | Control Maturity Model | Controls move from documented to proceduralized, evidence-backed, measured, and assured only when evidence exists. | Maturity model |
| What is target-state versus already operating? | Assumptions and Validation Register | Target controls, unknown environment facts, and validation dependencies are explicitly labeled instead of overclaimed. | Assumptions |
Assumptions and validation
What is target-state until the actual environment inventory confirms it.
The program evidence distinguishes validated production facts from target-state assumptions. Current architecture labels these items as target patterns until confirmed.
Validation needed
Before final release plans
Open technical facts
- Final DNS names, CIDR ranges, firewall zones, and certificate authorities.
- Actual CMS/EDE endpoint configuration, RIDP contract path, and auditor schedule.
- Production source-system inventory, owners, interface volume, batch windows, and outage windows.
- Confirmed model runtime, private data boundary, and PHI/PII approved execution path.
Evidence risk
Managed through POA&M
Known scrutiny points
- AI eval thresholds, red-team coverage, and human approval rules.
- Mainframe parity, reconciliation, and decommission savings acceptance.
- Data lineage and source freshness for Contact Center AI RAG responses.
- Naming reconciliation where MarketLink, BrokerLink, and EDE Agent Portal appear in older sources.
Sources
External governance and security references used to shape the evidence model.
These references establish the language for AI risk management, secure development, architecture decisions, EDE certification expectations, and LLM application security.