Continuous Observability + Continuous Assurance. The Trust Layer for Enterprise AI.
Validate models that change every week.
Continuous Observability + Continuous Assurance. The Trust Layer for Enterprise AI.
Traditional MRM cycles assume annual revalidation. Foundation models change weekly. Reign provides continuous validation infrastructure: approved-model registry, cryptographic versioning, drift detection, validation harnesses, change packets — built around your existing MRM playbook.
The MRM practitioner problem
The cycle was annual. The model is weekly.
MRM playbooks are mature for traditional models — but foundation models update weekly, agentic systems chain tools dynamically, and prompts evolve continuously. The validation team is asked to certify systems that no longer match the snapshot they validated. Reign fixes the substrate so the playbook still works.
Validation drift.By the time annual validation completes, the production model has drifted from the validated baseline. The evidence is stale before it's filed.
Reproducibility gaps.Validation runs depend on engineering for telemetry. Datasets aren't versioned alongside results. Re-running a validation a quarter later doesn't produce the same artifact.
Material-change ambiguity.Was a prompt template revision a material change? A provider version bump? A tool addition? Without a documented PCCP, every change becomes a judgment call — and judgment calls don't hold up in examination.
Effective challenge erosion.When validators depend on model owners for telemetry, independence is compromised. Sample-based testing can't cover thousands of daily inferences.
MRM citations, mapped to Reign
Section-level framework mapping.
The mapping the validation team needs — citation by citation, with the Reign component that produces the evidence.
| Framework / Section | Validation Question | Reign Component | Evidence Reign Delivers |
|---|---|---|---|
| SR 11-7 §III — Model Validation | Is independent validation evidence reproducible and complete? | Model Risk Validation validation harnesses | Validation harnesses run on demand and on schedule. Evaluation datasets, prompts, expected outputs, and pass/fail criteria are versioned and reproducible. Conceptual soundness, process verification, and outcomes-based testing artifacts attach to the model record. |
| SR 11-7 §V — Ongoing Monitoring | Are deployed models continuously monitored for drift and performance decay? | Model Risk Validation drift detection | Statistical drift monitors on every approved model. Performance, fairness, and stability benchmarks tracked against validation baseline. Materiality thresholds with second-line escalation. Out-of-tolerance events trigger re-validation workflows. |
| FDA PCCP — Predetermined Change Control Plan | Are model changes governed by a predetermined plan with reviewer attribution? | Change packets in Model Risk Validation | Cryptographically versioned change packets aligned to PCCP scope. Each packet contains the change, the validation evidence, the reviewer, and the rollback plan. Material changes are flagged for second-line review before deployment. |
| EU AI Act Art. 15 — Accuracy, Robustness, Cybersecurity | Is lifecycle robustness and cybersecurity continuously demonstrated? | AI Gateway + Model Risk Validation | Continuous robustness testing through validation harnesses. Cybersecurity controls at the Gateway — prompt-injection detection, jailbreak monitoring, exfiltration prevention. Article 15 evidence is generated continuously, not assembled annually. |
| ISO 42001 §9.1 — Performance Evaluation | Is the AI Management System measured against documented criteria? | Audit Ledger (CAVR) | Performance evaluation evidence flows directly from the Audit Ledger (CAVR). Documented criteria, monitoring data, internal-audit findings, and management-review inputs are all framework-mapped. ISO 42001 §9.1 packets are exportable on demand. |
| FINOS AIGF v2.0 — Model Risk Controls | Are AI-specific model risk controls operating as designed? | Four-Component Spine | AIGF model-risk controls map directly to Reign components. Inventory, validation, monitoring, change control, incident response, and reporting evidence are produced continuously and assembled into AIGF-aligned reporting packs. |
The validation lifecycle
Continuous validation, end to end.
Validation isn't a milestone. It's a lifecycle. Reign instruments every phase — pre-deployment to decommissioning — so practitioners have evidence on demand.
Phase 1
Pre-deployment Validation
Validation harness runs against the candidate model. Conceptual soundness review, process verification, outcomes-based testing — all evidence attached to the change packet before approval.
Phase 2
Approved-Model Registry Entry
Model is registered with risk tier, validator attribution, validation evidence, and approved deployment scope. Cryptographic versioning. Read-only audit access for the third line.
Phase 3
Continuous Monitoring
Drift monitors, performance benchmarks, fairness metrics, exception rates — all running continuously. Materiality thresholds set per model. Alerts route to model owner, validator, and second line.
Phase 4
Material Change Detection
When provider, version, prompt template, or behavior crosses the material-change threshold, the system flags it. The model is locked to the prior approved version until re-validated, or the change is approved through PCCP-aligned workflow.
Phase 5
Re-Validation
Validation harness re-runs. Independent challenge happens against the current production model — not a snapshot from twelve months ago. Validators have read-only evidence access.
Phase 6
Decommissioning
When a model is retired, the audit chain captures decommissioning evidence — final monitoring data, rollback artifacts, reason for retirement. Nothing leaves the registry without a full record.
For your role on the MRM team
Built for the four hands that touch validation.
Model Risk Validators
Read-only evidence access. Validation harnesses you can re-run. Drift telemetry on your timeline. Independent challenge without depending on model owners for every artifact.
Independent Challenge Team
Effective challenge enforced by segregation-of-duties at the Gateway. Population-level evidence — not sampled. Reproducible queries against the same evidence corpus produce identical artifacts.
Model Inventory Owners
Single source of truth for approved models. Risk tier, validation status, drift state, change history, deprecation date — all visible in real time. No more inventory reconciliation work.
Quants and Validation Engineers
Validation harnesses as code. Evaluation datasets, prompts, expected outputs, and pass/fail criteria versioned alongside the model. Reproducibility is the default.
Mapped to your validation cadence
Continuous evidence, on every validation timeline.
Weekly Drift Alerts
Real-time monitor outputDrift, performance, fairness, and exception monitors fire continuously. Weekly digest summarizes which models crossed thresholds, which require attention, and which require re-validation.
Monthly Challenger Reviews
Challenger model comparisonsSide-by-side performance and fairness comparisons between champion and challenger models. Validation harnesses run identical evaluation against both. Promotion or rejection is evidence-driven.
Quarterly MRM Committee
Live MRM dashboardApproved-model inventory, drift events, validation status, change activity, exception backlog — all pulled directly from the audit chain. Walkthrough-ready for the second line and audit committee.
Annual Validation Cycle
Validation packets per modelIndependent validation evidence assembled per SR 11-7 §III standards. Conceptual soundness, process verification, outcomes-based testing — framework-mapped and submission-ready for examiners.
Explore the four components
Model Risk Validation is the MRM core. The other three keep it honest.
Model Risk Validation
Approved-model registry, validation harnesses, drift detection, change packets. The MRM core.
ExploreAI Gateway
Policy at the edge. Effective-challenge enforcement. Identity-bound model calls.
ExploreAudit Ledger (CAVR)
Continuous audit chain. Performance, drift, exception evidence — population-level.
ExploreAssurance Packs
SR 11-7, E-23, EU AI Act, FINOS AIGF — framework-mapped, submission-ready.
ExploreFrequently asked