# CounterAegis Procurement Checklist

Use this checklist during security, compliance, and procurement diligence.

## 1) Controls and Governance

- [ ] Verify incident-level evidence includes identity, provenance, and governance linkage.
- [ ] Confirm chain continuity verification is runnable and documented.
- [ ] Confirm evidence export format supports internal audit/legal review.

## 2) Deployment and Operations

- [ ] Confirm deployment model (managed or self-host) and ownership boundaries.
- [ ] Confirm migration path between evaluation and production environments.
- [ ] Confirm monitoring, backup, and recovery procedures are defined.

## 3) Security and Data Handling

- [ ] Confirm evidence integrity protections (sealed packets + chain verification).
- [ ] Confirm key handling and rotation workflow responsibilities.
- [ ] Confirm API access and credential lifecycle controls.

## 4) Evaluation and Validation

- [ ] Run live incident replay continuity validation.
- [ ] Review latest validation artifacts and test gates.
- [ ] Confirm success criteria for pilot-to-production conversion.

## 5) Commercial Readiness

- [ ] Align stakeholder owners (security, compliance, legal, engineering).
- [ ] Define pilot success metrics and timeline.
- [ ] Schedule final technical/compliance review.