A complete, end-to-end demonstration of the Innorve Method applied to a fictional mid-sized financial services firm. Every framework is operationalized as a real artifact you can read, copy, and adapt to your own work.
Northstar Systems, Inc. is a fictional mid-sized financial services firm building a Vendor-Risk Review Assistant. The assistant ingests a vendor's SOC 2 report, their data-processing addendum, and a brief risk questionnaire. It produces a draft risk assessment, a recommended set of compensating controls, and a decision record routed for human approval.
The scenario was chosen because every regulated organization has vendors and vendor risk; it naturally exercises all eight Innorve Method frameworks; and the data is straightforward to keep entirely synthetic.
.example TLD throughout. Do not use these artifacts as legal, compliance, or risk-management advice.Eight frameworks. Eight named artifacts. Read them in order, or skip to the one nearest your current work.
The vendor-risk workflow is decomposed into three composable skills: classify the document, assess the risk, recommend the controls. Each is independently testable.
Evidence: scenarios/vendor-risk-review/skill-graph.md
A single YAML policy declares who can invoke each skill, on what data classes, with what approval thresholds, and which refusal modes are mandatory.
Evidence: policies/vendor-risk.policy.yaml
Every invocation produces an audit log entry. The Governance Binder folder is populated from the first commit — model card, eval report, prompt register, risk register.
Evidence: governance/ + audit-trail/
Three Skill Contracts (vendor-risk-assess, vendor-document-classify, vendor-control-recommend) with typed input/output, evidence requirements, refusal modes, and risk classes.
Evidence: contracts/vendor-risk-assess.yaml
Two Maturity Gate Reports demonstrate the skill in two stages — Validated for the document classifier, Incubating for the higher-risk recommender — with explicit gate criteria.
Evidence: maturity-report/vendor-risk-assess-v0.2.yaml
The fictional vendor-risk function mapped across the seven SDLC phases in YAML and Mermaid. Shows where the skills fit and where capability is still absent.
Evidence: capability-graph/northstar-vendor-risk.yaml
Three Tenant Posture cards show the same skill posture-shifted for a startup tenant (lightweight), an enterprise tenant (formal), and a regulated tenant (strict + immutable evidence).
Evidence: tenant-postures/regulated-posture.md
The model selection document declares a primary, a fallback, a fail-closed default, and the migration triggers that would cause a swap.
Evidence: multi-tool-decisions/model-selection.md
The fastest way to internalize the Method is to copy a starter from this exemplar, swap the scenario, and produce the next artifact yourself.
https://github.com/Innorve-Inc/innorve-method-exemplarhttps://innorve.academy/exemplar