Assessment input
0-3 scoring modelAutonomy
2
| Score | Autonomy level | Description |
|---|---|---|
| 0 | Answer only | The agent answers questions and does not take action. |
| 1 | Recommend | The agent suggests actions, but a human performs them. |
| 2 | Act with approval | The agent can prepare or execute actions after explicit approval. |
| 3 | Act autonomously | The agent can act from triggers or complete steps without case-by-case approval. |
Tool access
3
| Score | Tool access level | Description |
|---|---|---|
| 0 | No tools | The agent only generates responses. |
| 1 | Read-only tools | The agent can retrieve data but cannot change systems. |
| 2 | Limited write tools | The agent can create drafts, tickets, notes, or low-impact records. |
| 3 | High-impact tools | The agent can change customer, finance, HR, legal, security, or infrastructure state. |
Data sensitivity
2
| Score | Data level | Description |
|---|---|---|
| 0 | Public | Public information only. |
| 1 | Internal | Non-public business information with low sensitivity. |
| 2 | Confidential or personal | Customer, employee, commercial, contractual, or operational data. |
| 3 | Restricted or regulated | Special category personal data, credentials, secrets, payment data, legal privilege, regulated records, or security-sensitive information. |
Business impact
2
| Score | Impact level | Description |
|---|---|---|
| 0 | Minimal | Minor inconvenience or easily corrected output. |
| 1 | Low | Internal rework, limited user confusion, or small operational cost. |
| 2 | Moderate | Customer impact, compliance evidence gap, financial loss, data exposure, or process disruption. |
| 3 | Severe | Material legal, financial, safety, rights, security, regulatory, or reputational harm. |