Vordan·Framework

Public Specification  ·  Version 1.0

Vordan Accountability Framework

The public specification of the VAF. Six components. Three accountability tiers. One standard. Organizations may use this specification to build toward accountability independently. A Gap Score requires a formal Vordan assessment.

VAF v1.0 Public Specification May 2026 Six Components Three Tiers
Download PDF Specification VAF Assessment Instrument

Doctrine

Accountability is not a property of a compliance document. It is a property of a system and the organization behind it. A system is Accountable by Design when accountability can be established before an incident, not reconstructed after one.

The VAF measures the distance between where an organization stands and that standard. That distance is the Gap Score. The goal is not a perfect score. The goal is a documented, revisable, and comparable trajectory of closing the distance.

Where in your organization right now is a tool running ahead of the rule designed to govern it? That gap is what we are here to map.

Assessment instruments

The VAF is applied through three formally defined instruments. Each produces a different class of finding. They are not interchangeable and do not substitute for one another.

Instrument 01

VAF Assessment

The gold standard instrument. Requires direct organizational access: practitioner interviews, live evidence navigation, decision trail reconstruction, and signature gates at each component. Produces an official Gap Score out of 100.

Organizational Access Required

Instrument 02

VEPA

The Vordan External Posture Assessment. Applied where direct access is not available. Uses VAF accountability logic against the public record: documentation, filings, disclosed incidents, public statements. Produces external posture findings, not Gap Scores.

Public Record

Instrument 03

AAB

The Agentic Accountability Baseline. Applied to organizations deploying autonomous AI systems. Evaluates accountability posture against the Vordan Agentic Accountability Baseline for non-human decision chains, agent identity, and autonomous action traceability.

Agentic AI

The three accountability tiers

Each VAF component is evaluated against three tiers. An organization must satisfy the evidence requirements of a tier for that tier to count toward its assessment. Assertion is not evidence. The tier is determined by what the organization can show, not by what it believes to be true.

Tier 01

Exists

The accountability structure, policy, or control is present in documented form. Documentation exists. It has not been demonstrated to function.

Tier 02

Functions

The structure is demonstrably operational. Evidence of active use is required, not just existence. The documentation reflects practice.

Tier 03

Active

Continuously maintained, tested, and updated. Governs behavior in practice, not just on paper. The highest tier. The standard Accountable by Design requires.

The six components

The VAF evaluates accountability across six components. Together they form a complete picture of whether an organization can answer for what its systems do. Every Vordan instrument operationalizes these six components differently. The components are the why. The instruments are the how.

Component 01
Origin
Who is accountable, and is it declared?

Origin evaluates whether accountability is named at the organizational level. A system or program with no declared owner has no one to answer for it. Origin does not assess competence. It assesses declaration.

Tier 1  ·  Exists

A named individual or role is assigned accountability for the system, program, or decision domain.

  • Documented ownership assignment
  • Named role in policy or governance document
  • Org chart reflecting accountability structure
Tier 2  ·  Functions

The named owner actively exercises that accountability through documented decisions.

  • Evidence of owner-level decisions in the record
  • Meeting minutes, approval trails, sign-off records
  • Named owner engaged in governance processes
Tier 3  ·  Active

Ownership is continuously reviewed, reassigned when roles change, and reflected in current documentation.

  • Succession plan for accountability roles
  • Review cycle documented and evidenced
  • No stale ownership gaps in the record
Component 02
Voice
Does the organization speak clearly and consistently about what it does and what it cannot do?

Voice evaluates the accuracy and consistency of an organization's public and internal representations of its systems and capabilities. Overclaiming is a governance failure. Underdisclosing is an accountability failure.

Tier 1  ·  Exists

Public and internal statements about system capabilities are documented.

  • Published product or service descriptions
  • Internal documentation of system scope
  • Disclosed known limitations or caveats
Tier 2  ·  Functions

Statements are reviewed for accuracy and updated when capabilities change.

  • Evidence of statement review process
  • Correction history when claims changed
  • Consistency between internal and external claims
Tier 3  ·  Active

A formal process governs what the organization claims and ensures claims are defensible under scrutiny.

  • Claims review policy in effect
  • Overclaims corrected proactively
  • Legal or compliance review of capability statements
Component 03
Traceability
Can decisions and actions be independently verified after the fact?

Traceability evaluates whether the organization maintains records sufficient to reconstruct what happened, who decided it, and on what basis. An audit trail that cannot survive scrutiny is not an audit trail.

Tier 1  ·  Exists

Logs, records, or documentation exist for material decisions and system actions.

  • Audit log infrastructure in place
  • Decision records retained per policy
  • Change management records available
Tier 2  ·  Functions

Records are sufficient to reconstruct a decision chain without gaps.

  • Successful audit using existing records evidenced
  • Log completeness verified through review
  • Records accessible within defined timeframes
Tier 3  ·  Active

Records are tamper-evident, independently verifiable, and retained beyond the minimum required period.

  • Cryptographic or immutable audit trail
  • Third-party verification of record integrity
  • Retention policy reviewed and tested regularly
Component 04
Timing
Does the organization act when the intelligence warrants it?

Timing evaluates the velocity of governance response relative to the velocity of the threat or change being governed. A policy updated annually in a threat environment that changes weekly is a timing gap.

Tier 1  ·  Exists

A process exists for monitoring and responding to relevant changes in the threat or regulatory environment.

  • Threat monitoring process documented
  • Defined escalation thresholds
  • Review cadence established in policy
Tier 2  ·  Functions

The organization has demonstrated timely response to material changes or incidents.

  • Incident response timeline documented
  • Policy updates traceable to triggering events
  • No material gap between threat and response
Tier 3  ·  Active

Response velocity is measured, benchmarked, and continuously improved.

  • Mean time to governance response tracked
  • After-action reviews evidenced
  • Response time targets documented and met
Component 05
Response
What happens when something goes wrong, and is that process documented before it is needed?

Response evaluates whether the organization has a defined, tested, and published process for handling failures, incidents, and errors. A response process that only exists after the incident is not a response process.

Tier 1  ·  Exists

An incident response or error correction process is documented.

  • Incident response plan in place
  • Correction and retraction policy documented
  • Defined notification obligations and timelines
Tier 2  ·  Functions

The process has been exercised and the record reflects actual use.

  • Prior incident response following documented process
  • Tabletop exercises or drills documented
  • Lessons learned integrated into updated process
Tier 3  ·  Active

The response process is tested regularly, publicly disclosed where applicable, and continuously refined.

  • Regular testing cadence evidenced
  • Public disclosure of response process
  • Third-party review of response adequacy
Component 06
Transparency
Is the organization's own governance posture visible to those with a legitimate interest in it?

Transparency evaluates whether the organization makes its governance structure, decision-making processes, and accountability posture accessible to those who need to assess it. Transparency is not disclosure of everything. It is disclosure of what is necessary for legitimate accountability.

Tier 1  ·  Exists

Core governance information is publicly or appropriately available.

  • Organizational structure disclosed
  • Ownership and accountability structure named
  • Relevant policies available to affected parties
Tier 2  ·  Functions

Governance information is current, accurate, and navigable by those who need it.

  • Policies reflect current practice
  • Information accessible without unreasonable friction
  • Material changes disclosed in a timely manner
Tier 3  ·  Active

Transparency is a stated organizational commitment with a defined process for maintaining it.

  • Transparency policy published
  • Conflict-of-interest and independence declarations in place
  • Third-party verification of governance claims

Methodology note

What is public.
What is not.

This specification publishes the VAF component definitions, tier criteria, and evidence requirements in full. Organizations may use this specification to assess their own accountability posture and build toward the Active tier on each component.

The Gap Score is a proprietary output of a formal Vordan assessment. The weighting algorithm, component aggregation methodology, and scoring instrument are not included in this specification. A Gap Score cannot be self-assigned. It requires direct organizational access, evidence review, and assessment by Vordan.

The standard is open so organizations can build toward accountability without waiting for an assessment. The score is closed so it cannot be gamed into a checkbox exercise.

Self-assessment guidance

For each of the six components, work through the three tiers in sequence. The question for each tier is not whether the structure exists in theory. It is whether you can produce evidence that it exists, functions, and is actively maintained.

Guidance I
Start with Origin
Name the person accountable for each material system or decision domain. If you cannot name them, that is your first gap. Everything else in the framework rests on this.
Guidance II
Evidence is the unit of currency
For each tier, the question is not what you believe is true. It is what you can show. Unverifiable accountability is not accountability. Build toward evidence first, documentation second.
Guidance III
Gaps are not failures
A gap is a distance measurement. Knowing the distance is the prerequisite for closing it. The VAF does not penalize organizations for finding gaps. It measures organizations that do not look.
Guidance IV
Build review cycles in from the start
A complete accountability posture that is six months out of date is a gap. Timing is the component that makes every other component relevant. Documentation that does not reflect current practice is governance theatre.
"A Gap Score cannot be self-assigned. Evidence is the only currency the VAF accepts."

Organizations that engage Vordan for a formal VAF Assessment receive the full scoring instrument, component weighting, and Gap Score with documented evidentiary basis. Assessments are handled confidentially.

For governance readiness assessments, external posture reviews, or formal VAF inquiries, reach out directly.

Inquire about a VAF assessment