COMPEL Specialization — AITM-DR: AI Data Readiness Associate Artifact Template 1 of 1
This template is populated per use case. It is a working document; the practitioner fills each section with evidence collected during the engagement. A completed scorecard is the primary deliverable of the AI Data Readiness Associate practice.
How to use this template
Copy the template into a new document titled Data-Readiness-Scorecard--{use-case-name}--v{n}--{date}. Version numbers increment on each refresh. Prior versions are retained for trajectory analysis.
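For example, the title for a hypothetical use case might be assembled as sketched below; the use-case name and version number are placeholders, not values from any real engagement.

```python
from datetime import date

# Placeholder values; substitute the real use-case name and the current version number.
use_case = "claims-triage"   # hypothetical use-case name
version = 3                  # increments on each refresh

title = f"Data-Readiness-Scorecard--{use_case}--v{version}--{date.today().isoformat()}"
print(title)  # e.g. Data-Readiness-Scorecard--claims-triage--v3--2025-06-30
```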
Fill every section. Sections that do not apply should be marked explicitly as “Not applicable — [reason]” rather than left blank. Blank sections are audit findings.
Evidence references are numbered E01, E02, E03… across the document. Every claim in sections 3, 5, and 6 should reference at least one evidence entry. Claims without evidence references are unsupported.
Section 1 — Executive summary
- Use case: [Name]
- Risk tier: [Low / Medium / High / EU-AI-Act-high-risk]
- Determination: [Fit / Conditionally fit — [conditions summary] / Not fit]
- Scorecard version: [n]
- Date: [YYYY-MM-DD]
- Practitioner: [Name, role]
Summary (three paragraphs):
Paragraph 1 — the use case and the determination. State the use case in one sentence. State the risk tier and its rationale. State the determination.
Paragraph 2 — the three most material findings. Name the three dimensions with the most material gaps. Each in one sentence. Do not minimize; the sponsor must see the real picture.
Paragraph 3 — the top three remediation priorities. Name the three remediations that, if completed, would most change the determination. Each with a named owner and a target date.
Section 2 — Use-case scope
Use case description: [Full narrative — who, what, where, when, for what outcome.]
Risk-tier rationale: [Why this tier. Reference EU AI Act classification if applicable, internal risk policy, sector rules. Evidence reference(s): E__.]
Model type and training approach: [Supervised classification / regression / generation / retrieval / other. Training data volume, training approach, retraining cadence.]
Deployment context: [Who uses the system. In what operational role. With what human-in-the-loop. At what decision weight.]
Population served: [Demographic characteristics, geographic footprint, language coverage, accessibility considerations.]
Consent and lawful basis: [GDPR Article 6 basis for each data class. Article 9 basis if special-category data. Other regimes as applicable.]
Applicable regulatory perimeter: [EU AI Act classification. GDPR / other privacy regimes. Sector rules. Internal policies.]
Section 3 — Dimension scores
Complete the table below. Use the scoring key: 5 = exemplary, 4 = strong, 3 = adequate, 2 = weak, 1 = severe defect. Use color coding where the rendering supports it: Green = 4-5, Amber = 3, Red = 1-2.
| # | Dimension | Score | Threshold | Evidence | Gap | Owner |
|---|---|---|---|---|---|---|
| 3.1 | Accuracy | | | E__ | | |
| 3.2 | Completeness | | | E__ | | |
| 3.3 | Consistency | | | E__ | | |
| 3.4 | Timeliness | | | E__ | | |
| 3.5 | Validity | | | E__ | | |
| 3.6 | Uniqueness | | | E__ | | |
| 3.7 | Representativeness | | | E__ | | |
| 3.8 | Freshness versus training cutoff | | | E__ | | |
| 3.9 | Labeling agreement | | | E__ | | |
| 3.10 | Distributional stability | | | E__ | | |
| 3.11 | Lineage coverage | | | E__ | | |
| 3.12 | Documentation currency | | | E__ | | |
| 3.13 | Access-policy enforcement | | | E__ | | |
| 3.14 | Subgroup coverage (absolute / relative / intersectional) | | | E__ | | |
| 3.15 | Proxy audit | | | E__ | | |
| 3.16 | Privacy / minimization | | | E__ | | |
| 3.17 | Third-party source posture | | | E__ | | |
| 3.18 | Drift monitoring coverage | | | E__ | | |
| 3.19 | Incident-response wiring | | | E__ | | |
| 3.20 | Sustainment metric set | | | E__ | | |
Overall quality index: [weighted average, or composite scoring rule, as applicable]
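One possible composite rule is sketched below, assuming practitioner-chosen weights; the dimension subset and weights shown are illustrative only, and the band function mirrors the color coding from the scoring key above.

```python
# Minimal sketch of a weighted quality index over the dimension scores above.
# Scores and weights are hypothetical; a real engagement sets them per use case.
SCORES = {"accuracy": 4, "completeness": 3, "representativeness": 2}          # illustrative subset
WEIGHTS = {"accuracy": 1.0, "completeness": 1.0, "representativeness": 2.0}   # hypothetical weights

def quality_index(scores: dict[str, int], weights: dict[str, float]) -> float:
    """Weighted average of dimension scores on the 1-5 scale."""
    total_weight = sum(weights[d] for d in scores)
    return sum(scores[d] * weights[d] for d in scores) / total_weight

def band(score: float) -> str:
    """Map a score to the color coding used in the scoring key."""
    if score >= 4:
        return "Green"
    if score >= 3:
        return "Amber"
    return "Red"

idx = quality_index(SCORES, WEIGHTS)
print(f"Overall quality index: {idx:.2f} ({band(idx)})")
```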
Section 4 — Evidence register
Number every evidence item. Each item must have a description, a source, a date, and a retention location. Evidence is the substance the scorecard rests on; errors here are errors in the scorecard.
| E# | Description | Source | Date | Retention location |
|---|---|---|---|---|
| E01 | [e.g., data profile output] | [e.g., ydata-profiling run on policyholder_interactions_2024_v7] | YYYY-MM-DD | [path or system of record] |
| E02 | ||||
| E03 | ||||
| E… | | | | |
Minimum evidence count: 15 for low-risk use cases; 25 for medium-risk; 40 for high-risk or EU-AI-Act-high-risk. A lower count is itself a finding on the scorecard.
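Where an evidence item is a data-profile output, as in the E01 example above, the profile might be produced and filed roughly as sketched below; the dataset path and output location are hypothetical, and ydata-profiling is only one tool that can generate this kind of evidence.

```python
import pandas as pd
from ydata_profiling import ProfileReport  # assumes ydata-profiling is installed

# Hypothetical dataset path; substitute the system of record for the use case.
df = pd.read_parquet("policyholder_interactions_2024_v7.parquet")

# Generate the profile and write it to the retention location named in the register.
profile = ProfileReport(df, title="E01 - data profile: policyholder_interactions_2024_v7")
profile.to_file("evidence/E01_data_profile.html")  # hypothetical retention path
```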
Section 5 — Gaps and risks
List each gap that materially affects the determination. For each, complete the fields below. Order gaps by severity, then by feasibility. A sketch of the gap record as a data structure follows the gap entries.
Gap G01
- Dimension: [from section 3]
- Description: [one paragraph]
- Consequence if unremediated: [named — regulatory, financial, operational, reputational, individual-harm]
- Remediation needed: [specific action]
- Cost / timeline: [rough order-of-magnitude cost and target date]
- Owner: [named role]
- Evidence references: [E__]
Gap G02
[…]
Gap G03
[…]
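For teams that mirror the gap entries in tracking tooling, a minimal sketch of the gap record as a data structure; the field names follow the template fields above, and the encoding itself is an assumption rather than a prescribed schema.

```python
from dataclasses import dataclass, field

@dataclass
class Gap:
    """One gap entry, mirroring the fields of the template above."""
    gap_id: str                      # e.g. "G01"
    dimension: str                   # dimension from section 3, e.g. "3.7 Representativeness"
    description: str                 # one-paragraph description
    consequence: str                 # regulatory / financial / operational / reputational / individual-harm
    remediation: str                 # specific action needed
    cost_timeline: str               # rough order-of-magnitude cost and target date
    owner: str                       # named role
    evidence_refs: list[str] = field(default_factory=list)  # e.g. ["E04", "E11"]
```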
Section 6 — Remediation plan
The committed plan to close the gaps above. Each package has a named owner, a target date, and the gaps it closes.
| Package | Covers | Owner | Target | Dependencies | Status |
|---|---|---|---|---|---|
| R01 — [name] | G01, G04 | [role] | YYYY-MM-DD | [upstream work] | Not started / In progress / Done |
| R02 — [name] | G02 | | | | |
| R03 — [name] | G03, G05 | | | | |
Permanent constraints: [Gaps that cannot be remediated within the use-case timeline or budget. Each surfaced explicitly with its implication for the determination.]
Section 7 — Signoff
Each party signs to acknowledge they have reviewed the scorecard within their area of responsibility, not to confirm that every score is correct. A signoff carries a basis statement.
| Role | Name | Basis | Signature | Date |
|---|---|---|---|---|
| Readiness practitioner (author) | | Overall scorecard quality and completeness | | |
| Data steward | | Data governance, lineage, and contract coverage | | |
| Data engineer | | Schema, SLA, and pipeline fitness | | |
| ML engineer | | Fitness for the modeling approach | | |
| Product owner | | Use-case scope and risk-tier assignment | | |
| Governance lead | | Risk review and compliance sign-off | | |
| DPO / Privacy lead (where applicable) | | Privacy and minimization posture | | |
| Legal (where applicable — third-party data, high-risk use cases) | | Contractual and regulatory posture | | |
Refresh cadence
- Quarterly refresh for low-risk use cases
- Monthly refresh for medium-risk use cases
- Monthly refresh, plus triggered refresh after any severity-1 or severity-2 incident, for high-risk use cases
- Triggered refresh after regulatory-perimeter change, material data change, model retraining that changes deployment context, or supplier change
The refreshed scorecard carries an incremented version number. Prior versions are preserved. The trajectory across versions is itself an input to the next refresh.
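The cadence rules can be held as configuration; the sketch below is one illustrative encoding of the tiers and trigger events named above, not a prescribed schema.

```python
# Refresh cadence by risk tier, plus events that trigger an out-of-cycle refresh.
# Tier names and trigger strings mirror the rules above; the structure is illustrative.
REFRESH_CADENCE = {
    "low": "quarterly",
    "medium": "monthly",
    "high": "monthly",
    "eu-ai-act-high-risk": "monthly",
}

TRIGGERED_REFRESH_EVENTS = [
    "severity-1 or severity-2 incident (high-risk tiers)",
    "regulatory-perimeter change",
    "material data change",
    "model retraining that changes deployment context",
    "supplier change",
]
```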
Retention
Scorecards are retained for the longest of: the lifetime of the AI system plus 10 years, the retention period required by applicable law, or the retention period specified by the organization’s evidence-management policy. Retention location is named in the governance artifact catalog.
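The "longest of" rule reduces to a maximum over three end dates; the sketch below assumes hypothetical dates for each input.

```python
from datetime import date

# Hypothetical end dates for each retention rule; real values come from the system
# lifecycle record, legal counsel, and the evidence-management policy respectively.
system_retirement = date(2030, 6, 30)
end_of_life_plus_10y = system_retirement.replace(year=system_retirement.year + 10)
legal_minimum = date(2033, 1, 1)
policy_minimum = date(2035, 1, 1)

retain_until = max(end_of_life_plus_10y, legal_minimum, policy_minimum)
print(f"Retain scorecard until at least {retain_until.isoformat()}")
```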
Notes for first-time users
- Do not start with the executive summary. Write it last, after sections 2 through 7 are complete.
- Do not skip a dimension that seems not to apply — mark it explicitly as “Not applicable — [reason]”.
- Where evidence is thin, say so in the gaps section. Silence about evidence is worse than a candid finding.
- Length target for a first-cycle scorecard: 15-25 pages. Refresh scorecards are shorter (5-10 pages) because they build on the first cycle’s baseline.