HOME | FOR AGENCIES
A certified practitioner turns
a diagnostic into
a defensible record.
The free diagnostic on the HSRL website is a self-assessment tool — it helps your agency understand where structural governance gaps may exist. It is not a validated finding and does not produce a signed record. For a governance assessment that is audit-grade, legally defensible, and usable in procurement, oversight, and legal proceedings, a certified HSRL practitioner must conduct and validate the diagnostic. That's true whether your agency uses the full Agency SGL platform or works with a practitioner directly.
IMPORTANT DISTINCTION
Free public diagnostic — self-assessment, no practitioner, no signed record, not validated.
Practitioner-validated diagnostic — conducted by a certified HSRL practitioner, produces a SHA-256 signed GCR, audit-grade and defensible.
TWO WAYS TO WORK WITH HSRL
Both paths require a practitioner.
What's different is how your agency holds the record.
Every validated HSRL diagnostic — regardless of whether your agency uses the full SGL platform or not — is conducted by a certified HSRL practitioner. The practitioner is what makes the finding defensible. The two paths below describe where your governance records live after that finding is issued, not whether a practitioner is involved. They always are.
● Agency SGL Included
HSRL Embedded in Your Workflow
Your agency subscribes to the Agency Structural Governance Ledger as part of embedding HSRL in your procurement, compliance, or governance process. Every system you assess gets a permanent record in your ledger. Your practitioners credential in to run scheduled diagnostics directly inside it. You see everything in real time.
✓Agency SGL — live governance accounting for all your systems
✓Every diagnostic run logged with timestamp and practitioner
✓Condition scores tracked over time — not just at point-in-time assessment
✓Re-audit schedule automated — system flags when review is due
✓GCRs issued and logged immutably inside your ledger
✓Practitioner credentials directly into your ledger for scheduled work
✓Agency owns all data — practitioners are credentialed accessors, not hosts
● Practitioner Records
Certified Practitioner Engagement — Without the Platform
Your agency works directly with a certified HSRL practitioner who conducts governance assessments and produces signed, audit-grade records. This is the right fit when your agency needs defensible governance findings without the overhead of embedding a full platform. The practitioner holds your records in their Practitioner SGL and delivers signed documents your agency can use for procurement, compliance, oversight, and legal purposes.
✓Same five-condition methodology — identical to the SGL assessment standard
✓GCR-001, GCR-002, and GCR-003 records — SHA-256 signed, immutable, audit-grade
✓Full Remediation Pathway Document issued on RED findings
✓Records formatted for procurement documentation, OIG submissions, and legal proceedings
✓Practitioner holds your record history in their Practitioner SGL — accessible on request
✓No platform infrastructure required — no M365 integration, no IT overhead
·No live condition tracking between assessments
·No automated re-audit scheduling
·Records held in practitioner's system, not your agency's own ledger
When this is the right fit: Smaller agencies, single-system assessments, jurisdictions beginning a governance program, agencies evaluating HSRL before committing to platform integration, or any situation where the agency needs defensible records without platform overhead. Many agencies start here and move to the Agency SGL as their governance program matures.
PRACTITIONER RECORDS - WHAT THEY ARE AND WHEN THEY’RE ENOUGH
The practitioner is what makes the finding defensible.
An HSRL Governance Confirmation Record (GCR) is an audit-grade governance finding produced by a certified HSRL practitioner who assessed a specific system against the five structural governance conditions. The practitioner runs the diagnostic, verifies the evidence, and issues the signed record. No diagnostic is validated without a practitioner — the free public diagnostic on the HSRL website is a self-assessment tool only and produces no signed record.
Every HSRL-certified practitioner carries active Errors & Omissions insurance, with a current certificate of insurance on file with HSRL. Their directory listing remains live only while that coverage is current. The practitioner's Practitioner SGL — where your records are held — is free with their certification and remains active for the life of their credential in good standing.
The GCR is SHA-256 signed at the moment of issuance. It cannot be retroactively amended. It is formatted for use in procurement documentation, OIG submissions, legal proceedings, and legislative audit records. That defensibility comes from the methodology, the practitioner's credential, and the signed record — not from the platform that holds it.
The practitioner holds your records in their Practitioner SGL. Your record history is maintained, accessible, and retrievable on request at any time. If an oversight body, legal proceeding, or procurement process requires documentation of a prior assessment, your practitioner can produce it. If your agency later moves to the full Agency SGL platform, that historical record migrates intact.
GCR-001
Pre-Deployment Assessment
Five-condition assessment conducted before a system goes live. Documents the governance state at deployment. The record establishes what conditions were present or absent before harm was possible — the foundational pre-harm record.
GCR-002
Annual Review
Annual re-assessment of a system already in operation. Documents whether conditions have been maintained, degraded, or improved since the prior assessment. Tracks governance state over the system's operational life.
GCR-003
Post-Incident Assessment
Assessment conducted after a harm event, complaint, or OIG inquiry. Documents the governance state at the time of the incident and identifies which structural conditions were absent. Produced for oversight bodies, legal proceedings, and formal review.
On RED findings: Any GCR that returns a RED governance rating — one or more structural conditions absent — triggers a Remediation Pathway Document. The RPD identifies the specific condition failure, documents comparable cases from the HSRL dataset where the same failure produced harm, and specifies the structural remediation required before the system is reassessed.
THE AGENCY STRUCTURAL GOVERNANCE LEDGER
Governance accounting
for automated systems.
Your agency runs it.
Your practitioners work inside it.
Think of the Agency SGL the way you think about an accounting system. An accounting system doesn't just hold last year's audit. It maintains a continuous, timestamped, immutable record of every transaction — so that at any point, you can see exactly what was known, when it was known, and what changed. The Agency SGL does the same thing for governance conditions.
Every system your agency runs gets an entry. Every diagnostic run updates the entry. Every condition score is logged. Every GCR issued is filed. Every time a practitioner credentials in and runs a scheduled review, that action is recorded with the practitioner's name, credentials, and timestamp. If harm occurs later, the record of what was known — and what was absent — already exists and cannot be retroactively changed.
The Agency SGL is not a dashboard. Dashboards show you what's current. The SGL shows you what was current at every point — including the points that matter most to investigators, oversight bodies, and legal proceedings.
WHAT THE AGENCY SGL DOES
Six things a stack of PDFs
cannot do.
📒
Continuous Governance Accounting
Every system gets an entry. Every diagnostic run updates it. Condition scores are tracked over time — not just captured once. The ledger shows you the governance state of every system at every point in its history.
🔐
Immutable Pre-Harm Record
GCRs are SHA-256 signed and logged to the ledger at the moment of issuance. The record of what was known at any point cannot be retroactively amended. If harm occurs later, the governance state at the time of that harm is already on record.
🏛
Agency-Owned Data
Your agency owns everything in the ledger. The practitioner is a credentialed accessor — not the host. If you change practitioners, the record stays with you. If a practitioner's license lapses, your governance history is unaffected.
📅
Automated Re-Audit Scheduling
The SGL knows when each system's GCR-002 annual review is due and when any condition's re-validation interval has elapsed. It flags systems approaching their window and systems that have passed it — before you have to track it manually.
👤
Practitioner Credential Access
Your assigned HSRL-certified practitioner credentials directly into your Agency SGL to run scheduled diagnostics. They see what they're assigned to, log their findings directly into your ledger, and issue GCRs that appear in your record immediately.
📤
Exportable for Oversight & Procurement
Any entry or set of entries in the Agency SGL can be exported as a structured report for procurement documentation, OIG submissions, legislative audit records, contract requirements, or legal proceedings. Formatted for institutional use.
HOW PRACTITIONER ACCESS WORKS
The practitioner credentials in.
Your agency keeps the record.
Reminder — Only diagnostics conducted by a certified HSRL practitioner produce a validated finding and a signed GCR. The free public diagnostic available on the HSRL website is a self-assessment tool and does not produce a record usable in procurement, oversight, or legal proceedings.
The Agency SGL is not the practitioner's system. It is your agency's system. The practitioner is an authorized accessor who runs diagnostics inside it on your behalf — on a schedule your agency sets.
2
Agency credentials a practitioner
Your agency assigns an HSRL-certified practitioner to specific systems in the ledger. The practitioner receives credential access to those systems only — not your full ledger.
Agency action
1
Agency enables HSRL integration
Your agency subscribes to the Agency SGL as part of embedding HSRL in your workflow. All your active automated systems are registered in the ledger.
Agency action
3
Practitioner runs scheduled diagnostics inside your SGL
On the schedule your agency sets, the practitioner logs in to the Agency SGL, runs the five-condition diagnostic against the assigned system, and logs findings directly into your ledger. GCRs are issued and recorded immediately.
Practitioner action
4
Agency sees everything in real time
Every diagnostic run, every condition score, every GCR, every flag — all logged in your ledger with timestamp and practitioner ID. Your agency staff can view the governance state of any system at any point in its history.
Agency + Practitioner
Why agency-side only.
Never vendor-embedded.
HSRL does not offer vendor-embedded diagnostics. The Agency SGL is not a tool for evaluating vendors — it is a tool for the agency to manage its own governance obligations. The five conditions it tracks are the agency's structural responsibilities: named ownership, independent validation, ongoing monitoring, accountability protocols, and protected reporting. Those obligations belong to the agency regardless of which vendor's system is being run.
The SGL sits inside your agency's workflow because your agency is the one accountable for what the system does. A vendor can sell you a system and walk away. Your agency cannot. The governance record is yours to build and maintain — because the accountability is yours.
Vendor-embedded diagnostics also create a conflict the Agency SGL is specifically designed to avoid: a vendor assessing the governance conditions around their own product has a structural incentive to score those conditions favorably. The Agency SGL is run by your agency, credentialed to your practitioners, and holds records that only your agency controls.
USE CASES
Four ways agencies
use the Agency SGL.
Procurement Offices
Governance assessment built into every vendor evaluation
Before any contract is signed, the five-condition diagnostic runs against the vendor's system inside your Agency SGL. Governance conditions become a documented contract requirement — not something remediated after harm. Every vendor evaluation leaves a permanent record in your ledger.
Diagnostic runs as a required step in vendor selection
Governance gaps documented before contract execution
Contract language derived from specific condition findings
Permanent pre-contract governance record in your ledger
Inspector General & Legislative Audit Offices
Structural governance assessment as a standard audit component
The five-condition diagnostic runs as a baseline component of every technology audit. Every system reviewed gets a structural governance assessment logged to the Agency SGL. OIG and legislative audit offices use the ledger to demonstrate what the governance state was at any point — including at the time of any harm event.
Governance assessment embedded in standard audit workflow
Every audited system gets a permanent ledger entry
Historical governance state available for any point in time
Exportable records for legislative submissions
IT Governance & Compliance Teams
Continuous monitoring of all active automated systems
The Agency SGL tracks the governance state of every active system — not just at procurement, but on an ongoing basis. When a named owner leaves, when a validation cycle elapses, when a system is modified — the SGL flags it. Governance degradation is caught before harm, not after.
All active systems tracked in one ledger
Condition degradation flagged automatically
Re-audit schedule maintained without manual tracking
Amendment records logged when systems change
Jurisdictions Implementing Mandated Review
The HSRL diagnostic as the required pre-deployment standard
Jurisdictions enacting legislation requiring pre-deployment governance review for automated decision systems can embed the HSRL diagnostic as the statutory assessment standard. The Agency SGL becomes the compliance record demonstrating that the review occurred, what it found, and what remediation was required.
HSRL five-condition framework as statutory baseline
Agency SGL as the compliance record for mandated review
GCR-001 as the required pre-deployment certification
Ledger records available for legislative oversight bodies
HOW ITS PRICED
Two paths. Two fee structures.
One methodology.
Agencies working with a practitioner without embedding the platform pay no Agency SGL fee. Agencies that embed the full SGL pay a platform subscription in addition to practitioner engagement fees. Both paths use the same validated standard and produce the same defensible records.
For Agencies
Agency SGL
Paid by the agency as part of embedding HSRL in their workflow
Contact for pricing — scope varies by number of systems and integration depth
Live governance ledger for all registered systems
Unlimited diagnostic runs and condition tracking
Automated re-audit scheduling and flagging
GCR issuance and immutable record logging
Practitioner credential access management
Exportable records for oversight and procurement
Agency owns all data — no lock-in
Agencies without embedded HSRL do not pay this fee — and do not have access to the Agency SGL. Records are held in the practitioner's SGL and delivered as PDF documents.
For Practitioners
Practitioner SGL
Free for all HSRL-certified practitioners — included with active certification
Free · Included with every active HCGD credential
Practitioner SGL — free for all certified practitioners, not a paid tier
Credential access into Agency SGLs when invited by an agency
For agencies without the platform: full record history held in practitioner SGL
GCR issuance, SHA-256 signing, amendment workflow
Document output — PDF GCRs, Remediation Pathway Documents
Case match engine and validated dataset access
Active E&O insurance required — COI must be on file with HSRL
The Practitioner SGL is free with certification and remains active for the life of the practitioner's credential in good standing. Practitioners also carry paid license tiers (Solo, Firm, Enterprise) that cover platform features beyond the SGL — but the SGL itself is never gated behind a paid tier. Learn about practitioner licensing →
Practitioner Records — No Platform
Certified Practitioner Engagement
The right starting point for most agencies. No platform fee. No infrastructure overhead.
No Agency SGL fee — practitioner engagement fees only, set by the practitioner
Same five-condition diagnostic — identical methodology
GCR-001, GCR-002, GCR-003 — SHA-256 signed, audit-grade
Remediation Pathway Document on RED findings
Records held in practitioner's SGL — retrievable on request
Documents formatted for procurement, OIG, and legal use
No M365 integration required — no IT overhead
Most agencies begin here. A single practitioner engagement produces a defensible, signed governance record for any system your agency needs assessed. When your agency's governance program grows to require continuous tracking and live ledger access, the path to Agency SGL is a scoped integration conversation with your practitioner.
Start with a record.
Build from there.
Most agencies begin with a single practitioner engagement — a certified assessment of one system that produces a defensible, signed governance record. That record is complete on its own. It's also the foundation for everything that comes next.
Practitioner engagements available now · Agency SGL launching Summer 2026 · Free public diagnostic launching April 2026