ZAAP · Governance Referee · v1.0
ZAAP forces every AI proposal to prove its claimed ROI against the customer's actual process data — before a dollar is committed. Adjudicated under DoDFMR, FedRAMP High, ARC-AMPE, EU AI Act, and ISO 42001.
ROI Error Band · ini_2026_0142
+138% OVERSTATEDAt a Glance
vs. claim · HR Onboarding
fixed ceiling · 8-week sandbox
gate cadence · lie detector to pilot
WORM coverage · every artifact
01 — Barriers
And what ZAAP enforces in their place.
Vendor decks promise 50–80% labor reduction. Finance has no way to validate before signing. ZAAP forces a claim vs. as-executed reconciliation on real event-log data.
Policy and SOPs describe how work should run. Reality runs differently. ZAAP extracts both: As-Designed VSM from policy, As-Executed process map via PM4Py from event logs.
DoDFMR, FedRAMP High, ARC-AMPE, CJIS, EU AI Act, ISO 42001 — each demands its own evidence. ZAAP maps every initiative to its applicable framework set at intake.
Single-vendor AI stacks hide risk and inflate cost. ZAAP is vendor-agnostic — model registry, BYOM support, and a referee posture that survives vendor turnover.
Production AI without disposition, drift monitoring, or re-review triggers becomes a liability. ZAAP enforces WORM audit, Fairlearn bias gates, and codified kill-switch criteria.
02 — Lifecycle
From unproven claim to governed production.
01
The Lie Detector
Every proposal is reconciled: claimed ROI vs. ZAAP-validated ROI from process mining on real event logs. Overstatement % is published before any approval.
02
The Sandbox
8-week governed pilot under a fixed <$500K ceiling. Scope, evidence, and exit criteria are locked at gate entry. Conditional action items tracked to closure.
03
The Ledger
Production deployments live on a WORM audit ledger. Drift, bias (Fairlearn), and incident triggers force structured re-review. Kill-switch criteria are codified, not implied.
03 — Proof
Vendor claim vs. ZAAP-validated reconciliation.
| Metric | Vendor Claim | ZAAP Validated | Δ Error Band |
|---|---|---|---|
| Annual Hours Saved | 5,000 | 2,100 | +138% overstated |
| Annual Savings ($) | $350,000 | $147,000 | +138% overstated |
| Payback Period | 12 months | 28 months | +133% understated |
| Process Conformance | 85% | 41% | −44% gap to design |
Method: AsExecuted (PM4Py) · Band low/high: 1,900 / 2,400 hrs · Source: rerr_2026_0142
04 — Guards
01
Source documents never leave the controlled boundary. Extraction runs inside the customer enclave.
02
Every structured output is schema-validated. Hallucinated fields are rejected at the boundary, not in review.
03
Append-only ledger of every artifact, decision, and gate outcome. sha256 hashes on every evidence item.
05 — Use Cases
Anomaly detection on JV postings under DoDFMR. Claim vs. as-executed payback validated against GL.
Demand-signal classification across SAP + legacy. PM4Py conformance on order-to-cash event log.
Document intake + classification. The published 138% overstatement pilot — HR Onboarding under ARC-AMPE.
Tier-1 SOC triage assist. CJIS-bounded enclave, WORM evidence chain to incident response.
06 — Path
Step 01
Half-day session: portfolio-fit assessment, accelerator selection, compliance surface mapped to your frameworks.
Schedule WorkshopStep 02
Tenant configured from an Industry Accelerator. Wizard, lookups, gates, and approver matrix tuned to your EPMO.
See capabilitiesStep 03
8-week pilot under fixed <$500K ceiling. Lie detector reconciliation published. Disposition at gate 4D.
Review securityReady to validate a claim against your own event log?