Decision Architecture

Doctrine

Doctrine is the governing constraint layer. It fixes the statutory, policy, and security boundaries within which decisions are made, including the SOCI Act, PSPF, ISM, and ownership, control, and jurisdictional guidance.

• SOCI Act defines critical infrastructure obligations and consequence thresholds.
• PSPF and ISM set protective security and technical control baselines.
• Ownership, control, and jurisdictional guidance frames exposure assessment.

Intake, Assessment, Directive

Intake captures the case record in structured form: entity, jurisdiction, control path, technical dependency, and operational exposure. Assessment converts that record into a bounded risk position across ownership, control, influence, exposure, and confidence.

• Directive converts the assessed position into a decision, with conditions, restrictions, and required mitigations.
• Input becomes risk; risk becomes a binding decision position.

Enforcement and Monitoring

Enforcement binds the directive into contract controls, technical restrictions, approval workflows, and audit requirements. Monitoring preserves decision continuity through scheduled review and event-driven reassessment when ownership, dependency, jurisdiction, or operational use changes.

Outputs align to existing authority structures. Final decisions remain with the designated authority.

The current environment is for controlled demonstration and validation. Sensitive operational use requires a domestically governed production deployment.

• Outputs are carried into procurement and operational control, not left as advisory text.
• Procurement briefs issue the final decision record and control position.