We just completed the final session in our series on the Golden Thread of Assurance. Assurance is the proactive means of providing confidence that obligations have been met, are being met, and will be met. It runs through everything critical to compliance — and it answers a question many organizations have had to ask: why did we have an incident when we had checked all the boxes? The boxes were checked. The thread was broken. The golden thread connects the spaces in between.

For years I've watched the same thing happen across every regulated sector I've worked in. The obligations are documented. The controls are implemented. The audit gets passed. And still, when something goes wrong, you find that no one — not one identifiable person, not one accountable part of the organization — was holding the thing that failed. It's tempting to call this negligence: managers handing their responsibilities off to consultants, departments, and auditors. There

Today many organizations use AI that is general. It was trained on the public record, not on any one sector or business. It does not know your mission, your values, your goals, your processes, your protocols, or your standard operating procedures. When you ask it a question, it answers from what is common across everyone, not from how that knowledge applies to the particulars of what you do. In a regulated, high-risk domain this is a problem. The general model gives you the