• qa_deck_100#slide 39 · Minimum run identity and configuration record

RAIDT requires a prompt registry because saved prompt text is necessary but not sufficient for governance. The papers argue that generative-AI behaviour is shaped at run time by prompts, configuration parameters, retrieved context, tools, and alignment controls, so governance must document what was actually active in a specific run rather than preserve an isolated text fragment. If an organisation only stores a prompt string, it still may not know whether that prompt was approved, which version was in force, what constraints were intended, whether it was later amended, or how it links to the run-level evidence pack. A registry addresses that gap by treating prompts as governed artefacts with stable identifiers, versions, hashes, status, owners, and change reasons, so the prompt can be connected to the exact configured use being reviewed.

This matters because RAIDT treats the run as the unit of governance and evaluates a score profile across the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability). Prompts are part of configuration provenance and, in RAIDT terms, belong to influence methods as governance interventions. Small prompt changes can alter output structure, uncertainty disclosure, or compliance with task constraints; therefore they must be versioned and logged under change control, not merely copied into notes. The registry also supports integrity and later challenge by linking prompt versions to hashes, timestamps, review checkpoints, and downstream run records. Without that structure, reviewers may have text but still lack reconstructability, comparability across runs, and defensible evidence for audit or dispute resolution. In practical scoring terms, the absence of a governed prompt record tends to weaken Auditability and Traceability and leaves the score profile closer to the anchors 1=missing / 3=partial / 5=audit-ready than an organisation should accept in high-stakes use.

Consider a public-service eligibility workflow in which staff use GenAI to draft benefit guidance. A policy team updates the prompt after a rules change, adding stricter wording on uncertainty and escalation. With a prompt registry, the organisation records the template ID, version, owner, approval status, hash, and the change reason, then links that version to the run-level evidence pack for each case. If a claimant later disputes advice, reviewers can show exactly which prompt version was active, which retrieval snapshot was used, and whether the run followed the approved control set.

If the team had only saved prompt text in a shared document, the wording might still be visible, but the organisation could not reliably prove whether that text was the approved version at the time, whether it had been altered, or which cases it governed. The registry therefore converts prompt management from informal documentation into auditable governance evidence.

• 08-RAIDT_Foundations_M_V50
• 13-RAIDT-Evidence-Review_M_v10
• 18-RAIDT-Technical-Foundation_M_v04