Template
Impact assessment — public-safe template
Copy/paste skeleton for regulated partners. Every claim should point to a receipt (DSSE, packet, reason codes) that a reviewer can replay offline.
Minimum sections (one page)
A public-safe impact assessment is short, consistent, and defensible. Keep this version non-sensitive.
- System + scope: what it does, where it runs, and what it is allowed to affect.
- Affected stakeholders: who can be impacted (patients, customers, employees, public).
- Top 5 impact scenarios: harms + severity + likelihood (public-safe).
- Controls: which gate prevents each harm (Verify / Permit / Gate) + reason codes.
- Evidence pointers: URLs to receipts (DSSE, packet, transparency, policies).
How it ties to gates
Impact assessment is not a document for its own sake — it must change outcomes.
- Missing assessment → HOLD (fail‑closed).
- Assessment present but inconsistent → FAIL.
- Assessment + evidence valid → PASS (GO).
Machine-readable template (public-safe)
This is a starting point. Keep sensitive details in a private addendum; keep this version safe to publish.
{
  "schema": "mvg.impact_assessment@1",
  "issued_utc": "YYYY-MM-DDThh:mm:ssZ",
  "system": {
    "name": "…",
    "version": "…",
    "intended_use": "…",
    "deployment_context": "…",
    "allowed_actions": ["…"],
    "disallowed_actions": ["…"]
  },
  "affected_stakeholders": ["patients", "customers", "employees", "public"],
  "top_impact_scenarios": [
    {
      "id": "IA-1",
      "scenario": "…",
      "harm": "…",
      "severity": "low|medium|high",
      "likelihood": "low|medium|high",
      "gate": "verify|permit|gate",
      "reason_codes": ["…"],
      "mitigations": ["…"],
      "evidence": ["https://meridianverity.com/.well-known/mvg-procurement-ticket-pack.dsse.json"]
    }
  ],
  "evidence_pointers": {
    "ticket_pack_dsse": "https://meridianverity.com/.well-known/mvg-procurement-ticket-pack.dsse.json",
    "security_review_packet": "https://meridianverity.com/trust/security-review/",
    "transparency_log": "https://meridianverity.com/trust/transparency/",
    "governance_receipt": "https://meridianverity.com/.well-known/mvg-governance.json"
  },
  "signoff": {
    "roles_only": true,
    "owner_role": "Safety owner",
    "stop_authority_role": "Release stop authority",
    "date_utc": "YYYY-MM-DD"
  }
}
Tip: publish a public-safe assessment and keep a private addendum for NDA-bound details. The public-safe version proves the method exists and is replayable.
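The HOLD / FAIL / PASS mapping from "How it ties to gates", applied to a document shaped like the template, as an added example that is not part of the original template or the vendor's tooling. The consistency rules, the choice to treat unverified evidence as FAIL, the `evidence_ok` verifier hook, and the sample values are all assumptions made for illustration.

```python
# Added example: rule set and sample data are assumptions, not the vendor's rules.
SCHEMA = "mvg.impact_assessment@1"
LEVELS = {"low", "medium", "high"}
GATES = {"verify", "permit", "gate"}

def consistency_errors(doc):
    """List internal inconsistencies; an empty list means the document is coherent."""
    errs = []
    if doc.get("schema") != SCHEMA:
        errs.append("schema: unexpected id")
    scenarios = doc.get("top_impact_scenarios") or []
    if not scenarios:
        errs.append("top_impact_scenarios: empty")
    seen = set()
    for s in scenarios:
        sid = s.get("id") or "<no id>"
        if sid in seen:
            errs.append(f"{sid}: duplicate id")
        seen.add(sid)
        for field, allowed in (("severity", LEVELS), ("likelihood", LEVELS), ("gate", GATES)):
            # An unfilled template value such as "low|medium|high" is rejected here.
            if str(s.get(field)) not in allowed:
                errs.append(f"{sid}: {field} not one of {sorted(allowed)}")
        if not s.get("reason_codes"):
            errs.append(f"{sid}: no reason codes")
        evidence = s.get("evidence") or []
        if not evidence or not all(str(u).startswith("https://") for u in evidence):
            errs.append(f"{sid}: evidence must be a non-empty list of https URLs")
    return errs

def evaluate(doc, evidence_ok=lambda url: False):
    """Return (decision, reasons). evidence_ok is a hypothetical receipt verifier;
    the default rejects everything, so a caller without a verifier never gets PASS."""
    if not doc:
        return "HOLD", ["assessment missing"]          # fail-closed
    errs = consistency_errors(doc)
    if errs:
        return "FAIL", errs
    urls = sorted({u for s in doc["top_impact_scenarios"] for u in s["evidence"]})
    bad = [u for u in urls if not evidence_ok(u)]
    if bad:  # assumption: evidence that does not verify is treated as FAIL
        return "FAIL", [f"evidence not verified: {u}" for u in bad]
    return "PASS", []

# Constructed sample, shaped like the template above.
SAMPLE = {"schema": SCHEMA, "top_impact_scenarios": [{
    "id": "IA-1", "severity": "high", "likelihood": "low", "gate": "permit",
    "reason_codes": ["RC-EXAMPLE"], "evidence": ["https://example.org/ia-1.dsse.json"]}]}

if __name__ == "__main__":
    for result in (evaluate(None), evaluate(SAMPLE), evaluate(SAMPLE, lambda url: True)):
        print(result)
```

In a real pipeline `evidence_ok` would fetch each receipt and verify it offline; the example only shows where that check plugs into the decision.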