15 OQ-čiek, 11 risk register položiek, 8 explicitných predpokladov
Každá otázka má vlastníka a zoznam sekcií, ktoré blokuje. Risk register je kalibrovaný — likelihood × impact × mitigation. Predpoklady sú dokumentované, nie skryté.
Implementuje sa ako Astro island; mark-resolved capability + filter by owner / blocking section
Otázky pre prvé interné Allianz meetingy
Tieto otázky musia byť zodpovedané pred Phase 1 build kickoffom. Owner je menovaný explicitne, blocked sekcie odkazujú na konkrétne body brief-u.
11 rizík, kalibrovaná likelihood × impact, explicitná mitigation
Risk register je živý dokument — bude sa aktualizovať počas brief delivery a v každom AT review iteration cycle. Catastrophic risks majú multi-layered mitigation.
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| AT review block (cold pitch) | Medium-High | Catastrophic | Pre-emptive red-team v každej sekcii; AT engagement strategy v sekcii 6.3 |
| OneTrust block na customer PII + AI | Medium | High | Cache-off mode toggle; ZDR; DPIA early |
| AI Community block na Anthropic pre customer-facing | Medium | High | Existing Group contract leverage; gradual rollout; existing precedent (pricing actuaries) |
| posAm vendor conflict v Phase 2-3 | High | Medium | Dokumentovaný explicitne ako risk; Phase 1 nedotýka posAm features |
| Anthropic deployment topology adds unexpected complexity (e.g., Bedrock = AWS surface) | Medium | Medium | Two deployment options designed; decision gated on OQ-2 |
| ADP-SK never materializes | Low-Medium | Low (we have Oracle path) | Adapter pattern shielded; Oracle remains viable indefinitely |
| Phase 1 timeline slip due to compliance gates | High | Medium | Realistic 4-6 mes. compliance baked into roadmap; parallel gates execution |
| Brokers identity threat surface | Medium | High | Threat model dedicated section; conditional access strict; just-in-time access |
| Multi-runtime (TS+Python) operational complexity | Low | Low | Clear separation per workload; AT runs both stacks today |
| Cost overrun na AI tokens v Phase 3 | Medium | Medium | Prompt caching + model tiering + batch inference; budget alerting; monthly review |
| Allianz brand misuse claim | Low | Medium | Brand Manual compliance; pre-approval s Allianz Marketing |
8 predpokladov, ktoré tento brief explicitne robí
Predpoklady sú dokumentované, nie skryté. Každý je označený ako verifiable — niektoré majú explicitný OQ pointer, ostatné sú baked-in business decisions, ktoré bude treba potvrdiť počas compliance gates.
Allianz Group Anthropic contract má ZDR + no-training clauses (TBD verify v sekcii 6)
Allianz Technology operuje v shared tenant model so strict landing zone constraints (per 4b answer)
Allianz SK má Azure subscription accessible pre nás so štandardnými RBAC oprávneniami
Allianz Group Brand Manual umožňuje internal advisory document use of Allianz brand
OneTrust + AI Community možné paralelne (not sequential)
posAm contract umožňuje paralelný customer-facing systém (žiadna exclusivity clause)
Microsoft Graph API access možný cez Allianz M365 tenant
DWH access pre new consumer možný (with provisioning lead time)
Pred kickoffom Phase 1 build
Žiadny deadline ako hard date, ale tieto položky sú prerequisite-y predtým, než spustíme writing fázu deliverable-u alebo pred prvým AT meetingom.
Action items pre Matúša sú pre-writing prerequisite-y — žiadny tvrdý deadline, ale 3 z nich (OQ-15, OQ-5, OQ-9) ovplyvňujú písanie spec-u. OQ-2 je nice-to-have pre architecture detailing.