A dashboard showing AI resolution rate is not governance. Governance is: measuring whether billing responses are accurate at this moment, enforcing a review threshold before wrong answers reach customers, and logging every AI decision so you can show exactly what happened when one goes wrong. FortiVault implements all three — as runtime controls, not policy documents.
Three pillars: AI Trust Score (what is the AI's current accuracy in this category?), Automation Gating (does that accuracy meet my threshold?), Full Audit Trail (what did the AI do, and why?). Each pillar answers a question that most AI customer support tools leave unanswered.
14-day free trial · No credit card required · 1 business day setup
Definitions
The term "AI governance" gets applied to a wide range of concerns. In many enterprise contexts it refers to data governance — who has access to what, where data is stored, how long it is retained. Those are real concerns, but they are addressed by security and compliance tooling, not a governance platform.
In a customer support context, AI governance addresses a distinct set of operational questions: Is the AI giving customers accurate information? Is automation expanding into categories where accuracy has not been validated? When the AI makes a decision, can that decision be explained and reviewed? If the AI is wrong, how quickly does the team know, and how does the system prevent the error from recurring?
Accuracy governance
Measuring whether AI responses are correct — not assuming they are — and surfacing accuracy by category, not as a single opaque score.
Policy governance
Enforcing automation rules before responses are delivered, not auditing them after. Policy applied structurally, not manually.
Decision governance
Logging what the AI decided, why, and what happened — so every response is explainable and every error is traceable.
The Governance System
FortiVault's governance system is built around three interdependent pillars. Each one addresses a different failure mode in ungoverned AI support. Together they form a complete governance layer.
AI Trust Score: continuous, per-category accuracy measurement
What it does
A rolling accuracy signal calculated per support category — updated continuously as FortiAgent handles real conversations. The Trust Score aggregates response accuracy, human override rate, connector call reliability, and escalation rate.
Why it matters
Without a measurable accuracy signal, automation policy is guesswork. Teams either automate everything and discover errors after the fact, or refuse to automate anything and lose the efficiency benefit entirely. The Trust Score gives you an objective, current measure of where FortiAgent is reliable — and where it is not.
Automation Gating: policy enforcement before responses are sent
What it does
A per-category threshold mechanism that determines whether FortiAgent's response is sent automatically, held for human review, or blocked entirely. The gate runs on every response, in real time, before the customer sees anything.
Why it matters
Automation that can't be gated isn't policy — it's hope. Gating makes automation policy structural rather than manual. You define the accuracy level required for each category to automate. FortiVault enforces it. No configuration drift, no manual audits, no incidents required to catch a failing category.
Full Audit Trail: every AI decision traceable to its inputs and outcome
What it does
A structured log of every AI decision: the knowledge source retrieved, the connector API called, the guidance rule applied, whether the response was auto-sent or reviewed, and the final outcome. Immutable, queryable, exportable.
Why it matters
When an AI customer support decision is disputed — by a customer, by a compliance team, or by your own operations — you need to reconstruct exactly what happened. A black-box output with no trace is not defensible. The audit trail is the record that makes governance real rather than aspirational.
Governance vs Compliance
A customer support system can be SOC 2 Type II certified, GDPR-compliant, and ISO 27001 certified — and still be sending customers incorrect billing information without any mechanism to catch or prevent it. Compliance frameworks address data handling. Governance addresses whether the AI is right.
| Concern | Compliance covers | Governance covers |
|---|---|---|
| Data privacy and residency | Covered by data handling policies, DPA agreements, GDPR/CCPA configuration | Out of scope — governance addresses decision quality, not data handling |
| Encryption and access control | Covered by security certifications (SOC 2, ISO 27001) | Out of scope — governance addresses AI accuracy, not infrastructure security |
| AI response accuracy | Not covered — most compliance frameworks address data, not AI output quality | Core function — AI Trust Score measures accuracy per category continuously |
| Automation policy enforcement | Not covered — compliance frameworks have no concept of per-category automation gating | Core function — automation gates enforced per response before delivery |
| Decision auditability | Data access logs exist, but AI decision specifics are typically not captured | Core function — full per-decision trace: knowledge, connector, rule, outcome |
| Human review enforcement | Not covered — compliance does not mandate human review at a response level | Core function — review queue enforced automatically when accuracy is below threshold |
Built For
AI governance is not optional overhead for cautious organisations — it is the operational requirement for any team deploying AI in customer-facing support at meaningful scale.
Support operations handling billing disputes, account changes, and payment queries. Regulatory requirements often mandate that automated decisions are explainable and traceable. FortiVault's audit trail provides the per-decision record needed to satisfy those requirements.
AI support handling subscription changes, cancellations, and account operations where incorrect automated responses create real financial and contractual liability. Automation gating enforces the accuracy thresholds required before AI acts on sensitive account operations.
High-volume operations handling returns, refunds, and order disputes. The economics of AI automation are compelling — but so is the cost of billing errors at scale. Category-level gating lets you automate shipping queries at high rates while requiring review on refund decisions.
Teams responsible for AI deployment governance across the organisation. FortiVault provides the policy layer that enterprise IT requires before approving AI deployment in customer-facing support workflows — measurable accuracy, enforceable policy, and a full audit trail.
FAQ
Compliance addresses how data is handled — privacy, access control, residency, encryption. Governance addresses whether AI decisions are accurate and appropriate in real time. An AI customer support system can be fully GDPR-compliant and still send customers incorrect billing information. FortiVault's governance layer addresses the latter: it measures accuracy, enforces review thresholds, and creates a per-decision audit trail that compliance frameworks typically do not touch.
No. FortiVault is a governance layer, not an AI model. It sits above FortiAgent, which connects to your existing knowledge sources and helpdesk systems. FortiVault's governance pillars — Trust Score, gating, audit trail — apply regardless of which underlying model FortiAgent uses.
In most enterprise deployments, the FortiVault governance configuration is a shared responsibility between support operations (who own category thresholds and escalation policy) and IT or security teams (who own access controls and audit export). The dashboard is accessible to both. Threshold configuration and review queue management are typically owned by support operations.
Yes. The audit trail is exportable in structured format. Each record includes the full decision context: timestamp, category, knowledge source, connector calls made, rules applied, automation state at time of response, outcome, and any human review actions. This export can be provided to compliance teams, legal reviewers, or regulators.
Measurable control means that your automation policy is enforced against an objective, current accuracy metric — not against assumptions about how the AI was behaving when you last reviewed it. FortiVault shows you the Trust Score for each category, the threshold for each category, and the current automation state. You can see exactly why a category is in review mode and exactly what needs to improve before automation is enabled.