Sovel
Trust & Compliance

Built for regulated
industrial environments

Sovel operates in maintenance and reliability contexts governed by asset management standards, process safety regulations, and quality requirements. Trust is not a feature — it is the architecture.

Audit-log architecture
Every decision logged
Reviewer primacy
No autonomous writes
Your data stays yours
Not used for model training
Full traceability
Signal → governed artifact

How Sovel Earns Your Trust Through Architecture.

  • Provenance per inference

    Every suggestion carries cited sources, model version, confidence, and reviewer history.

  • Immutable audit trail

    Every decision — accept, edit, reject — is recorded with reason code and reviewer identity.

  • Reviewer is final governor

    No autonomous commits to governed truth. Humans decide; Sovel remembers.

  • Inferred from your corrections

    The Correction Inference Engine personalizes suggestions based on each reviewer's history.

  • Knowledge-governance-first

    Detection, capture, governance, placement, monitoring — designed as one continuous loop.

Trust by Pattern

Industrial-governance HITL patterns we implement

Five patterns identified as the 2026 state-of-practice for safe LLM use in regulated industrial workflows. All five are scaffolded in Sovel today. These are what an operator should expect of any AI system writing into compliance-graded knowledge.

Structured side-effect blocks

Every governed write is a typed, content-hashed JSON object — never free-text into production. Reviewer sees the structure before placement.

Bounded auto-retry before human handoff

The AI co-reviewer attempts a finite number of retrieval and refinement passes, then yields to the human gate. No infinite loops, no silent failures.

Dry-run / approval gates on every governed write

No autonomous commits to governed knowledge. Ever. Reviewer is the final governor of what becomes operational truth.

Append-only audit logs

Model version, confidence, cited sources, reviewer identity, timestamp — captured per inference, never mutated. The regulator-audit-ready substrate.

Drift scanning

Freshness/decay signals + contradiction detection continuously surface entries whose context has shifted, so the governed knowledge base does not silently rot.

Regulatory Alignment

Standards Sovel is designed alongside

Sovel does not claim certification for standards that require formal third-party audits. What we can say: the product architecture reflects the requirements of the following frameworks, and we designed against them deliberately.

ISO

ISO 55001 — Asset Management

Knowledge requirements for asset management systems

ISO 55001 requires that organizations document and maintain the knowledge necessary to operate their asset management system. Sovel addresses Section 7.2 (competence documentation), Section 7.1 (knowledge resources), and the broader requirement that asset knowledge be retained when people leave. The Operations Skill structure and reviewer governance chain directly support ISO 55001 evidence requirements.

PSM

OSHA PSM (29 CFR 1910.119)

Process Safety Management for highly hazardous chemicals

OSHA PSM requires written operating procedures, employee training records, and process safety information to be current and accessible. Sovel's procedure drift detection directly supports PSM incident investigation and root cause analysis requirements — specifically flagging when actual field practice has diverged from the documented safe operating procedure. The audit trail supports PSM audit readiness.

FDA

FDA 21 CFR Part 11 (Electronic Records)

Electronic records and signatures for FDA-regulated industries

Part 11 requires that electronic records used in FDA-regulated manufacturing be trustworthy, reliable, and equivalent to paper records. Sovel's immutable audit log (timestamped, attributed, non-overwritable) and structured reason codes support Part 11 record-keeping requirements. Review workflows enforce author attribution and approval chain documentation consistent with Part 11 §11.50 (signature manifestations).

SOC

SOC 2 Type II (in progress)

Security, availability, and confidentiality controls

Sovel is a pre-GA product in active development. Formal SOC 2 Type II certification is on the roadmap for general availability. Current data handling practices are designed against the SOC 2 trust criteria — access control, encryption at rest and in transit, incident response, and change management. Enterprise pilot customers can request a security overview.

In progress — pre-GA
Audit Log Architecture

The full chain from signal to artifact

Every event in Sovel that affects a knowledge object is logged with timestamp, author, action type, and structured rationale. The log is append-only. Nothing overwrites. The full decision history of any Operations Skill is reconstructable at any point in time.

  • WO signal attribution. Each detection event is tied to the specific work order IDs that triggered it. The evidence chain starts at the raw data.
  • Capture attribution. Voice and text contributions are attributed to the contributing technician, with timestamp and linked WO.
  • Governance log. Every reviewer action (APPROVE / EDIT / REJECT / DEFER) is logged with author, timestamp, reason code, and diff of any edits made.
  • Version history. Each edit to a placed Operations Skill creates a new version. Prior versions are retained in full — no destructive edits.
Audit log — Operations Skill KS-0047
2025-11-14 09:12
APPROVE · J. Miller
Reason: "Field-verified over 9 recurrence events on RAS-04"
2025-11-13 14:38
EDIT · J. Miller
Changed: step 3 torque spec 40→45 ft-lbs. "OEM superseded by site test data."
2025-11-13 09:05
DRAFT · AI extraction
Source WOs: WO-2284, WO-2301, WO-2318. Author: R. Delgado.
2025-11-12 16:47
CAPTURE · R. Delgado (voice)
Linked to WO-2318 · Asset: PUMP-RAS-04
2025-10-29 07:15
DETECT · Gap engine
Rule: knowledge-concentration · Severity: HIGH · WO-2284
Data Handling

Your operational data is not our product

Not used for model training

Your work order history, expert contributions, and governed knowledge objects are never used to train or fine-tune any AI model — ours or third parties'. Your operational data is not a training input.

Encrypted at rest and in transit

All customer data is encrypted at rest (AES-256) and in transit (TLS 1.3). Access is role-scoped — reviewers, technicians, and administrators have separate permission tiers. API keys are stored as environment variables, never hardcoded or logged.

Data portability

All governed Operations Skills, audit logs, and knowledge graph structures are exportable in standard formats (JSON, CSV). You are never locked into Sovel as the exclusive keeper of your institutional knowledge.

The governance architecture is itself the trust model

Most knowledge management tools treat governance as an add-on — a checkbox before publishing. Sovel is designed the other way: the governance architecture is the product. Nothing becomes operational truth without explicit human review, attributed reason codes, and an immutable audit trail.

This matters most in regulated environments where the cost of wrong or unattributed information is a safety incident, a failed audit, or a liability claim. Our answer to "how do you know this is right?" is a reviewable chain of custody — not a confidence score from a model.

AI models in Sovel surface candidates and structure drafts. They do not approve. They do not write to governed knowledge. The human reviewer is not a rubber stamp — they are the source of truth, and the system is designed to make their judgment as informed, documented, and auditable as possible.

Questions about compliance fit?

Talk to us about your regulatory context. We'll tell you honestly where Sovel fits and where it doesn't — and what the pilot diagnostic would look like for your environment.

Get in touch