KYE Sector Pack Foundry · Chain of Custody → Chain of Authority

KYE Chain of Authority for Iron Mountain InSight DXP.

Iron Mountain InSight DXP governs your information — records, custody, retention, classification, intelligent document processing, AI-ready data. The moment an AI agent acts on one of those records — pays the invoice, releases the record, actions the regulated case — a different question arrives: who was authorised to act on it? The KYE Chain of Authority governs that action boundary. It binds every consequential action to a named human’s authority, binds the InSight custody and classification context into the decision, records the due diligence before the action (the classification raises the authority bar), holds the irreversible action advisory until a named human signs off, and seals it into a replay-provable evidence pack. Iron Mountain proves where information travelled; KYE Protocol proves who was authorised to act on it.

AI-ready data is not enough — you need authority-ready AI.

The wedge

From Chain of Custody to Chain of Authority.

Records platforms have spent decades proving the chain of custody — where a record came from, who held it, how it was classified and retained. AI changes the question. Once an agent can read a custodied record and take an action on it, the governance gap is no longer custody; it is authority. Three facts converge:

  • The consequential moment is the action, not the record. A record sitting in InSight DXP is inert; an invoice paid, a record released, a pharmacovigilance case actioned because of that record is consequential. Accountability attaches at the moment the action proceeds — exactly where AI governance is weakest.
  • Classification should drive authority. InSight DXP already classifies records by sensitivity. KYE Protocol consumes that classification at the action boundary — a restricted or regulated-records classification raises the authority bar required before an AI action may proceed (the classification-driven-action specialization). The classification you already have becomes the authority control you need.
  • Custody is the evidence; authority is the decision. The InSight chain-of-custody (mapped from the ISO 23081 records-metadata standard) is bound into the KYE Protocol authority decision as evidence input. KYE Protocol proves which custodied record, with which custody history, drove the action — and under whose authority. That is the custody→authority binding.
  • This is a governance wedge, not a records platform. KYE Protocol does not compete with InSight DXP. It governs the action boundary InSight feeds — the named-authority + custody-binding + due-diligence + sign-off + evidence layer the AI-on-records ecosystem currently lacks.

Why an information-governance / controls owner buys this

Survives an auditor or a regulator spot check — authority-bound, custody-evidenced, and derivable from public keys alone.

  • Authority-bound. Every consequential AI action on an InSight-custodied record maps to a recorded named-authority decision — the agent, the record, the intended action, and the named human under whose authority it proceeds. An AI authorised for one purpose cannot proceed under another.
  • Custody-evidenced. The InSight custody and classification context is bound into the decision and its evidence pin before the action proceeds — the Chain of Custody becomes the Chain of Authority. An action whose decision does not carry the custody binding is refused at the action-admissibility gate.
  • Due-diligenced, classification-aware. A recorded due-diligence result — competence / authority-scope, permitted-use, and the classification-driven authority bar — is required before the action. A higher InSight sensitivity classification raises the threshold; an unscreened or classification-bar-failing action is refused and routed dual-channel.
  • Sign-off-gated on the irreversible action. An irreversible or high-impact action stays advisory until a named human records sign-off (§36 GovernedUI); a regulated/restricted InSight classification additionally requires two-person sign-off. The accountable human remains personally accountable.
  • Replay-provable evidence. A signed evidence pack binds the agent, the record reference, the bound custody context, the due-diligence result, and the Authority Finality outcome — verifiable offline, against published keys alone (the §13 Resilience Loop).

How it works

Every consequential action on an InSight-custodied record — authority-bound at the action boundary.

One coherent spine governs four specializations — invoice-action, records-action, pharmacovigilance-records, and classification-driven-action — with no parallel packs. Each AI action that moves toward a consequence flows through the same four rules, on the canonical KYE Protocol envelopes.

  1. InSight custody event imported. The connector maps the InSight DXP record identity, classification, agent, and chain-of-custody event history (named against the ISO 23081 records-metadata standard) onto the KYE Protocol entity / evidence model. KYE Protocol consumes the metadata as an input signal; it does not store or classify the record.
  2. Custody bound + authority + due-diligence check. When the record drives a consequential action, the Action Admissibility Gate binds the custody/classification context, verifies the named authority, and verifies the due-diligence result (including the classification-raised authority bar), under the §25 Edge Governance Safety Floor. No custody binding, no authority, or a failing classification bar = no action.
  3. Advisory pending sign-off. An irreversible action is advisory until a named human records sign-off — with two-person sign-off on regulated/restricted InSight classifications. Unreviewed actions are refused and routed dual-channel.
  4. Evidence pack sealed. The runtime emits kye.purpose.request.v1 + kye.purpose.admissibility.v1 + kye.evidence.decision_map.v1 + kye.evidence.pack.v1 in lockstep, binding the record reference, the bound custody context, the due-diligence result, the named acting authority, and the Authority Finality outcome — signed and replay-derivable.
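
An illustrative model of the four steps above, added here as an example; it is not KYE Protocol or Iron Mountain code. All field names, the `AUTHORITY_BAR` levels, the "general" classification and the SHA-256 digest (a stand-in for the signed evidence pack) are assumptions.

```python
import hashlib, json
from dataclasses import dataclass, field, asdict

# Hypothetical authority bar per classification. "restricted" and "regulated"
# are named on the page; "general" and the numeric levels are assumptions.
AUTHORITY_BAR = {"general": 1, "restricted": 2, "regulated": 2}

@dataclass
class ActionRequest:
    agent: str
    record_ref: str
    action: str
    classification: str
    custody_events: list            # imported custody history (step 1)
    named_authority: str            # human under whose authority the agent acts
    authority_level: int            # assumed numeric scope of that authority
    permitted_actions: list         # purposes the authority covers
    irreversible: bool
    signoffs: list = field(default_factory=list)

def evaluate(req):
    """Steps 2-3: return (outcome, reason); outcome is refused/advisory/proceed."""
    if not req.custody_events:
        return "refused", "no custody binding"
    if not req.named_authority or req.action not in req.permitted_actions:
        return "refused", "no named authority for this action"
    bar = AUTHORITY_BAR.get(req.classification)
    if bar is None or req.authority_level < bar:
        return "refused", "classification bar not met"
    needed = 0
    if req.irreversible:
        needed = 2 if req.classification in ("restricted", "regulated") else 1
    have = len(set(req.signoffs) - {req.agent})   # distinct humans, never the agent
    if have < needed:
        return "advisory", f"awaiting {needed - have} sign-off(s)"
    return "proceed", "authority, custody and sign-off satisfied"

def seal(req):
    """Step 4 stand-in: digest over the canonical decision record (not a signature)."""
    outcome, reason = evaluate(req)
    record = {"request": asdict(req), "outcome": outcome, "reason": reason}
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return outcome, hashlib.sha256(blob).hexdigest()

# Constructed sample: an agent paying an invoice held under a regulated record.
SAMPLE = ActionRequest("agent-7", "rec-001", "pay_invoice", "regulated",
                       ["ingested", "classified"], "alice", 2, ["pay_invoice"], True)
```

Re-running `seal` on the same request yields the same digest, which is the property a replay check relies on; any change to the custody history, authority or sign-offs changes it.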

Framework binding

Bound to the records-management standards perimeter.

The pack binds the canonical KYE artefact set to the records-management standards spine. The records standards are consumed by the rule pack, never re-mapped. The honest split is the credibility core: the chain-of-authority overlay (the action boundary) is KYE Protocol’s job and maps enforced; the records storage, capture, retention, and disposition requirements are Iron Mountain’s job and map out-of-scope — KYE Protocol never claims to enforce records storage.

| Standard | KYE Protocol (action authority) — enforced | Iron Mountain (records) — out-of-scope |
| ISO 15489 (Records Management) | Authenticity / access at the action boundary | Records capture, retention schedule, storage |
| ISO 16175 (Digital records) | Access-control decision + action-decision audit | Capture / classification / retention functions |
| ISO 23081 (Records metadata) | Classification-driven authority + custody binding | Records-metadata creation & management |
| DoD 5015.02 (RMA criteria) | Access-control + named-authority + decision audit | Record declaration, file plan, disposition |
| MoReq2010 (Records systems) | Access-control service + entity-event decision audit | Classification, search, retention, disposition |

Honest scope (the §0 boundary, absolute). KYE Protocol governs whether an InSight-custodied record may drive a consequential action and under whose authority, and proves the basis — whether the action may proceed. KYE Protocol does not do IDP, store records, classify records, or run records-retention. KYE Protocol retains proof-of-governance (its own evidence chain), not Iron Mountain’s records; KYE Protocol audit-retention is not the customer’s records-retention. No Iron Mountain infrastructure or credentials are claimed. The live InSight DXP connector runtime is a declared external dependency (Iron Mountain InSight API credentials), never faked.

Apply via the Foundry

Qualified records-management & information-governance partners — apply through the Foundry.

The KYE Chain of Authority for Iron Mountain InSight DXP is a §68 sector product productised through the KYE Sector Pack Foundry Build tier, with Starter / Enterprise / Regulated deployment tiers; commercial distribution is value-based, qualification-gated, and disclosed under NDA to qualified applicants.