• qa_deck_100#slide 40 · Minimum run identity and configuration record

In RAIDT, model, provider, and version have to be recorded together because governance attaches to a configured run, not to a model family in the abstract. The papers repeatedly argue that the run is the unit of governance: one use, at one time, under one concrete arrangement of prompts, tools, retrieval, oversight, and deployment choices. A model name on its own is therefore too weak. The same model family may be accessed through different providers, wrapped by different orchestration layers, and exposed through different deployment versions or policy layers. Those differences can alter what was available to the system, how behaviour was constrained, and what can later be reconstructed.

Recording the three elements together creates configuration provenance inside the run-level evidence pack. That provenance is essential for the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability), especially Auditability and Traceability, because reviewers must be able to identify the exact deployed system that generated the output. It also matters in AI-as-a-service settings, where accountability is distributed across organisational boundaries and provider choices shape what metadata and controls are observable.

In practical RAIDT scoring, incomplete identification weakens the score profile because reviewers cannot confidently distinguish provider dependency, model drift, or deployment change from other causes. Under the anchors 1=missing / 3=partial / 5=audit-ready, a run with only a generic model label would usually remain partial at best: it may describe intent, but it does not securely link the disputed output to the actual system used.

Consider the HR shortlist justification scenario discussed in the RAIDT papers. An employer uses an external LLM service to draft reasons for including or excluding candidates. Three months later, an applicant challenges the rationale. If the record shows only a broad model name, the organisation cannot establish whether the text came from one provider's managed deployment, a later provider release, or a different wrapper with altered safety constraints.

If the run-level evidence pack instead records the provider, the exact model/deployment identifier, and the version active at the time, the reviewer can reconstruct the run alongside the prompt template, criteria version, and oversight notes. That makes the case reviewable and contestable rather than anecdotal. It also allows the organisation to explain why this run received a stronger or weaker score profile on Auditability and Traceability.

• 13-RAIDT-Evidence-Review_M_v10
• 18-RAIDT-Technical-Foundation_M_v04