VALID Trust
A framework for qualifying AI suppliers in regulated life sciences. It decomposes any vendor into four pillars based on what the AI actually does in the workflow — then scopes the qualification work to exactly those pillars.
What the AI does decides how you qualify it
Most vendors trigger more than one pillar. A static classifier triggers Probabilistic Acceptance and Continuous Monitoring; an autonomous trial-design agent triggers all four. The framework's job is to make explicit which pillars apply, and to scope the work accordingly — because a single SOC 2 report answers none of them.
Generative AI Validation
Whenever the system produces novel content — text, structured records, draft documents — qualification concentrates on where that content comes from and whether it can be trusted and reproduced.
Agentic AI Governance
Whenever the system takes autonomous action across multiple steps or tools, qualification concentrates on how far that autonomy reaches and where human oversight is wired in.
Probabilistic Acceptance
Whenever outputs vary for identical-looking inputs, qualification concentrates on whether that variance is bounded, calibrated, and quantified rather than left implicit.
Continuous Monitoring
Whenever the model, its data, or its operating context can change after deployment, qualification concentrates on how change is detected, versioned, and governed over time.
Five steps from vendor to qualification
The pillars define what to assess. The decision logic defines the order of operations for a real vendor in front of you.
Map the vendor to the pillars
Determine which of the four pillars apply, based on what the system actually does. A static classifier triggers two; an LLM authoring tool triggers three; an autonomous agent triggers all four.
Run the pillar-specific questions
For each applicable pillar, work through the qualification questions specific to that AI modality. The questions for Generative AI Validation are not the same as those for Agentic AI Governance.
Apply the cross-cutting threads
Across all applicable pillars, run the four threads uniformly: security (AI-specific controls beyond ISO 27001), explainability, stakeholder communications, and supplier-qualification meta-questions — certifications, disclosure posture, contractual commitments.
Locate the validation-inheritance boundary
Map the supply chain — foundation model → wrapper vendor → hyperscaler → sponsor — and mark exactly where inherited validation ends and your own qualification work must begin.
Scope and issue the qualification decisionconfirm wording
Consolidate the pillar findings, thread checks, and inheritance boundary into a scoped qualification decision: qualified, qualified-with-conditions, or not qualified — with the residual obligations that fall to the sponsor named explicitly.
The validation-inheritance boundary
The hardest question in AI supplier qualification is not whether a vendor is trustworthy — it is where someone else's validation stops being yours to rely on. VALID Trust makes that boundary explicit across the supply chain.
Validation does not flow cleanly down this chain. Each handoff is negotiated rather than standardized, and the sponsor inherits only what is explicitly documented and contractually committed — everything else falls back to the sponsor to validate. Locating that line is what turns a vendor relationship into a defensible qualification.
Where this sits in the architecture
VALID Trust is the supplier-qualification control that makes the House of AI Trust defensible — it runs horizontally as one of the four cross-cutting threads rather than living in a single layer. The lifecycle's change-control step and the Error Taxonomy both lean on it when a third-party model is in scope.
License the VALID Trust framework
Using VALID Trust in your own qualification work? Book a licensing conversation.