Policy · POL-04
current Key rotation in production
- owner
- Security
- interval
- 90 days
- last review
- 2026-04-02
Operational memory for AI
WiseWare is operational memory for high-stakes decisions.
AI only becomes useful in consequential work when it can inspect the current facts, rules, evidence, approvals, and history behind a decision. WiseWare turns scattered policy, compliance, customer, product, and operational context into source-backed records, executable checks, reviewable changes, and cited answers.
The problem Your organization already has the facts.
Your organization already has the facts.
It just can't reliably act on them.
Policies, laws, controls, course methods, case facts, evidence, commitments, exceptions, and approvals already exist across operational systems. The problem is knowing what is current, which rule applies, what evidence supports it, and whether the decision can be explained.
- Policy Last review · 14 months ago
A policy exists, but nobody trusts which version applies.
- Evidence Tickets · Drive · Slack
A control or obligation is marked done, but the proof is buried elsewhere.
- Case Case system · 5 screens
A decision was made, but the facts, rule, and approval are split across systems.
- Commitment Call · CRM · Contract
A customer commitment exists, but it never became operational memory.
This is not a content problem. It is an operational memory problem.
Why now
AI has made operational memory impossible to ignore.
Every useful AI workflow needs context that is current, permission-aware, rule-checked, and citeable. That matters most where decisions have legal, customer, financial, safety, educational, or audit consequences — and it has to outlast whichever model you happen to be running today.
What WiseWare does
Work artifacts become operational records and checks.
WiseWare reads the policy, ticket, case note, course method, call transcript, spec, or evidence file and turns what matters into structured memory: facts, obligations, decisions, evidence, permissions, and rule status. Every record keeps the link back to where it came from.
- Obligation what policy, law, or contract requires
- Fact case, customer, course, or control context
- Decision what was decided and why
- Evidence what supports the record
- Rule status what checks pass, fail, or need review
- State current, stale, superseded, disputed
- Permission who can see, use, or change it
Retrieval returns a document you still have to read, interpret, and trust.
…quarterly access review…
Operational memory returns the current understanding, with evidence and rule status.
Control · CTL-12
current Quarterly access review
- owner
- Security
- cadence
- Quarterly
- evidence
- Q2 2026 · signed by CTO
- check
- passes evidence rule
- next due
- 2026-07-15
How it works
A loop between source, proposal, review, and memory.
AI proposes memory changes. Humans approve canonical writes. Every approved change becomes part of a human-readable, auditable history. Domain rules then evaluate what is complete, stale, missing, conflicting, or ready to answer.
- 01Source inputchat, doc, ticket, call
- 02Proposed changeAI drafts memory diff
- 03Human reviewapprove, edit, reject
- 04Canonical memoryhuman-readable, versioned
- 05Indexes & answerscited, permission-aware
Corrections and new sources re-enter as proposed changes. The loop is the product.
Canonical memory is human-readable, rule-checked, and fully auditable.
Every approved change is a versioned, signed update. You can read, compare, revert, and export your memory at any time — nothing is locked inside WiseWare. AI never writes directly into canonical memory without human review, and domain checks rebuild against the approved records.
For the technical reader: the canonical layer is plain markdown files in a standard git repository. CEL and domain rules evaluate those records for health, eligibility, obligation coverage, stale evidence, and review flags.
- Source A transcript, chat, ticket, doc, or note is accepted as input.
- Proposal WiseWare drafts a change against existing memory objects.
- Review A human approves, edits, or rejects — with the source side-by-side.
- Rules Approved records are evaluated for gaps, stale state, conflicts, and required review.
- Canonical Approved changes land as a new version. Indexes, links, and health checks rebuild.
- Answer Questions get cited answers from current memory — or a flagged caveat.
@Quarterly access review · CTL-12
owner: Security
cadence: Quarterly
−last reviewed: 2026-01-15
+last reviewed: 2026-04-03
+reviewer: CTO
+evidence: Q2-Access-Review.pdf
state: current
Sources
+— Jira AC-128 (signed off 2026-04-03)
+— Slack #security · thread 2026-04-03
A proposed change from a closed ticket. One reviewer click turns it into canonical memory.
Operational systems vs operational memory
WiseWare does not replace the systems where work happens.
CRMs, LMSs, case-management systems, GRC tools, ticket trackers, and ERPs are optimized for doing work: accounts, courses, cases, controls, approvals, and transactions. WiseWare creates the introspectable layer around them, so AI and humans can inspect state, provenance, rule status, evidence, caveats, and decision history across systems.
AI cannot reliably act on knowledge that is locked inside workflows and UI screens. It needs inspectable records, rules, evidence, and history.
Agent memory Anyone can ingest documents.
Anyone can ingest documents.
The hard problem is keeping decisions trustworthy as reality changes.
Rules change. Evidence expires. People leave. Cases, commitments, courses, controls, and product decisions drift from their source. Operational memory health is the set of signals that keeps AI from treating stale or incomplete context as truth.
01
Evidence coverage
Claims, controls, obligations, and case decisions without support are visible as gaps.
02
Rule status
CEL and domain checks show what passes, fails, or needs human review.
03
Policy version
Records carry which policy, law, method, or obligation version applied.
04
Conflicts
Contradictions between records surface as disputes, not silent drift.
05
Review deadlines
Expired exceptions, stale evidence, and overdue approvals are marked before answers overclaim.
06
Ownership
Every operational record has an owner responsible for keeping it honest.
07
Permissions
Access rules travel with the memory, not just the source document or UI.
08
Supersession
When one decision, method, or policy replaces another, the old one points forward.
09
Version history
Every approved change is signed, readable, and reversible — the spine of trustworthy memory.
Memory is not useful because it was written. It is useful because it is still inspectable, current, and safe to cite.
Proof through use
One operational memory layer, many high-stakes domains.
Policy and compliance are the clearest wedge, but the same substrate applies anywhere decisions need evidence, rules, ownership, review, and history. Different domain packs. Same loop of source → proposal → review → rule-checked memory.
- ISMS / ISO 27001 policies, risks, controls, evidence, exceptions, findings, corrective actions, audit history
- AI Act Compliance AI systems, classifications, obligations, evaluations, oversight, incidents, change history
- Municipal Policy Operations laws, local policy, eligibility criteria, case evidence, decisions, appeals
- Educational Methodology teaching methods, learning outcomes, course activities, assessments, evidence, feedback loops
- Vendor Risk vendors, attestations, DPAs, access, reviews, obligations, third-party risks
- Customer Commitments promises, account context, security asks, deadlines, contract evidence, renewal risk
- Product Decisions roadmap rationale, tradeoffs, customer evidence, dependencies, superseded decisions
- Engineering Operations ADRs, incidents, migrations, dependencies, runbooks, deprecations, corrective actions
Domain pack · ISMS
Security and compliance as operational memory.
An ISMS is a demanding memory domain — policies, risks, controls, evidence, exceptions, findings, corrective actions, and audit history. It rewards traceability, freshness, rule checks, and temporal history. If operational memory can stay useful here, it can stay useful across other high-stakes domains.
This is not a full GRC suite. It is proof that WiseWare can maintain one high-stakes domain as living, reviewable, source-backed operational memory.
- Policy what the company decided
- Risk what could go wrong
- Control what mitigates the risk
- Evidence proof the control ran
- Exception what was deliberately set aside
- Check what rules pass or flag
Ask
What evidence supports quarterly access review this quarter?
Q2 access review was signed off by the CTO on 2026-04-03. Evidence is Q2-Access-Review.pdf, originating from Jira AC-128.
Cites CTL-12 Control · Quarterly access review EV-219 Q2-Access-Review.pdf AC-128 Jira · access review ticket
Exception · EXC-08
stale Legacy SSH access for vendor Acme
- expires
- 2026-04-30
- owner
- Platform
Policy · POL-11
superseded Onboarding security baseline
- replaced by
- POL-17 (2026-03-02)
Ask
Which exceptions expire this month?
One exception expires in April 2026: EXC-08 (Legacy SSH access for vendor Acme, Platform-owned). Renewal or closure is required by 2026-04-30.
EXC-08's last review is 41 days old. Consider re-confirming before renewal.
Cites EXC-08 Legacy SSH access · Acme
What it is not
Operational memory for decisions that need evidence, rules, and review.
- Not a wiki. Operational memory is checked, cited, and kept current.
- Not enterprise search. WiseWare returns rule status and evidence, not hits.
- Not a workflow system. Your CRM, LMS, GRC, case, and ticket tools keep running.
- Not autonomous judgment. Humans approve canonical writes and high-stakes decisions.
Build operational memory your people and AI can trust.
Tell us where high-stakes decisions depend on scattered context. We'll show you the same source → proposal → review → canonical memory loop, applied to your domain.