Decision Provenance
Explained
For boards, principals, and serious decision-makers. Written in plain English. Leads with defensibility — not cryptography.
What provenance means
Provenance is the documented record of a decision — not just what was decided, but what was known at the time, who was accountable for it, what changed during the process, and whether the record itself has remained intact since it was sealed.
A provenance record is not a summary you write afterwards. It is built as the decision unfolds, capturing evidence, accountability assignments, and governance milestones in a tamper-evident structure.
What it proves
What was recorded: The specific evidence inputs, confidence levels, and governance assessments that existed at the time.
When it was recorded: Timestamps bound to the record — not editable after the fact.
Who was accountable: Named accountability owners, not diffuse “the team decided.”
What changed: Every revision is traceable. The system records what changed, not just the final state.
Whether the record is intact: A cryptographic hash of the canonical record is computed and stored. If the record is altered after sealing, the hash no longer matches — and verification fails.
If a governed decision is later challenged, the system can show what was recorded, when it was recorded, what changed, and whether the client-safe record still matches its stored hash.
What it does not prove
Provenance is not an audit opinion. It does not prove:
Decision quality: That the decision was correct.
Evidence accuracy: That the evidence was accurate — only that it was captured and classified.
Outcome quality: That the outcome was good.
Regulatory compliance: That the record complies with any specific regulatory standard unless that compliance layer has been explicitly built and verified.
Provenance proves process integrity — not outcome quality.
Why a board cares
A board is ultimately accountable for material decisions, even ones delegated to management. When a decision is challenged — by regulators, investors, counterparties, or in litigation — the board needs to demonstrate that a structured process was followed, material risks were identified and assessed, named individuals were accountable, and the record of that process has not been altered.
Without provenance, "we followed a proper process" is an assertion. With provenance, it is a verifiable record.
Why a regulator cares
Regulators increasingly require evidence of how decisions were made, not just what was decided. Governance frameworks in financial services, professional services, and regulated industries often require documented decision rationale, identified accountability, evidence of risk consideration, and audit trails that survive personnel changes.
A governed provenance record provides a structured, hash-verified audit trail that can be produced in response to regulatory enquiry — without requiring manual reconstruction from emails and meeting notes.
Why a client cares
A client commissioning a significant decision has a legitimate interest in knowing that the process was defensible. Provenance gives a client a client-safe summary of what was recorded, a hash they can verify independently, a chain of custody showing when key milestones occurred, and confidence that the record has not been altered since it was sealed.
This is especially relevant for clients who face their own governance obligations — institutional investors, professional services firms, regulated entities — who need to demonstrate due diligence in the decisions they commission.
What happens when a record changes
Every governed record has a canonical form — a precise, stable serialisation of its contents. When the record is sealed, a SHA-256 hash of that canonical form is stored.
If anything in the record changes after sealing — a field is edited, a note is added, a date is corrected — the canonical form changes. The new hash no longer matches the stored hash. Verification returns MISMATCH.
This means tampering is structurally detectable, not merely prohibited. You do not need to trust that no one edited the record. You can verify it.
How verification works in plain English
The system holds a governed record — a structured object capturing a decision and its governance history.
It also holds a hash: a 64-character string computed from the exact content of that record when it was sealed.
When you click “Verify integrity,” the system recomputes the hash from the current record — using the same algorithm, the same field ordering, the same rules.
It compares the recomputed hash to the stored hash.
If they match: MATCH — the record is intact.
If they differ: MISMATCH — something changed after sealing. Do not rely on this record until it has been reviewed.
If the record cannot be reached: UNAVAILABLE — verification is temporarily not possible.
The hash is not a password. It is a fingerprint. Change one character in the record, and the fingerprint changes entirely.
This document describes the provenance model used by Abraham of London for supported governed records. It does not constitute legal advice. The verification system demonstrates structural tamper-evidence — it does not replace independent legal or regulatory review.
See it in action
The public provenance demo lets you verify a real demonstration record — same hashing discipline, same verification model used for supported governed cases.