Decision Snapshot
What is being assessed
Managed Network Services Supplier (Anonymised) for managed network monitoring, incident support, and configuration services for operational communications infrastructure in a critical infrastructure environment.
Why it matters
The service would operate in a sensitive critical infrastructure environment with access to operational communications, telemetry, and incident workflows.
Decision
Escalate.
Contract execution position
Designated authority review required before contract execution.
Escalation authority
Attorney-General's Department.
Monitoring cadence
Quarterly control attestation and review for the first 12 months, followed by trigger-based reassessment.
Risk Drivers
- Foreign parent governance and platform dependence
- Standing offshore privileged access
- Operational dependency on supplier-managed tooling and offshore support
- Sensitive critical infrastructure exposure inside the assessed operating environment
- Unresolved jurisdictional exposure in the parent control chain
System Function
What the system does
AustraliaOS structures supplier-risk evidence into a decision workflow. It verifies and organises supplier risk inputs, identifies ownership, control, jurisdictional, access, and dependency exposure, produces a decision position, and attaches mandatory controls, enforcement obligations, and monitoring requirements for accountable human decision-makers.
Inputs
Supplier structure, support model, jurisdiction exposure, service dependency, and handling context.
Decision support
Structured reasoning for procurement, security, legal, and operational review.
Authority boundary
Outputs support decision-makers. They do not replace legal, procurement, security, or government authority.
Workflow
Six-layer workflow
Doctrine
Defines the intake standard, scoring posture, and authority thresholds for supplier and procurement risk decisions.
Intake
Captures structured facts on ownership, control, jurisdiction, privileged access, dependency, and service context.
Assessment
Produces a risk position from the recorded evidence and identifies the main decision drivers.
Directive
Sets the decision position, required conditions, restrictions, and escalation posture before contract execution.
Enforcement
Translates the directive into contract, technical, deployment, and handling obligations.
Monitoring
Assigns review cadence and trigger-based reassessment so residual risk remains under operational supervision.
Produced Outputs
Assessment position
High risk, 71 / 100, Escalate.
Contract execution position
Designated authority review required before contract execution.
Mandatory controls
Australian-controlled bastion access, session recording, immutable audit logging, dual approval for exceptional support intervention, and restrictions on production administration and scope expansion.
Monitoring position
Quarterly control attestation and review for the first 12 months, followed by trigger-based reassessment.
Residual risk
Foreign parent exposure, persistent offshore privileged access, unresolved jurisdictional exposure, and operational dependency remain material until escalation review is complete.
Technical proof / linked artifacts
These secondary links point to the protected AgentOS proof artifacts for the same deterministic supplier-risk reference case.
Structured case JSON
Deterministic structured case record exposing the locked sample metadata, assessment, and procurement output fields.
View structured case JSON
Generated procurement brief
Access controlled artifact available during a walkthrough or authorised review.
Request Access
Authority guardrail
AustraliaOS structures evidence, risk reasoning, and directive-ready outputs for accountable decision-makers. It does not replace authorised legal, procurement, security, or government decision-making authority.