Agentic AI HITL Matrix Guide

Human-in-the-loop requirements by action type and risk tier for autonomous agents.

.xlsx AI-008

Agentic AI Controls & HITL Matrix

Human-in-the-loop requirements by action type and risk tier for autonomous agents.

How to Fill Out This Agentic AI Controls & HITL Matrix

Human in the loop AI controls template — Implement before any agent can send email, modify IAM, or execute code in production.

Recommended Owner: Engineering Lead | AI Governance approves Tier 3–4 overrides

Before you start

Enable Editing: Click Enable Editing when Excel prompts you.
Instructions tab: Read the Instructions sheet first for version, owners, and tab order.
Dropdowns: Use validated lists — do not type free text in status or severity columns.
Sample rows: Gray example rows are samples — delete or overwrite before sharing with auditors.
Find placeholders: Use Cmd/Ctrl+F and search for [ to catch bracket placeholders.

Toolkit links

Keep these companion documents consistent (same owners, dates, and vendor names):

Quality check

Every production system in scope has current rows — no blank owner or review date.
Dropdown values match your live process (severity, status, role).
Sample or test rows are removed; file is ready for auditor sampling.

Evidence

Store the completed file in your compliance evidence folder (signed PDF for policies).
Register the document in COR-013 Document Control Log with version and review date.
Link to the record in your SOC-005 project plan or evidence index when ready.

After customizing Agentic AI Controls & HITL Matrix:

1Complete the file: Finish every section or tab in AI-008.
2Register: Log version in COR-013; update AI-006 if this affects a production system.
3Operationalize: Deploy controls (e.g., AI-010 rules, AI-008 HITL) where this doc requires them.
4Workforce: Pair policies with AI-016 acknowledgments and security awareness (SOC-006).