Runbook Library

Model Release Approval — Fine-tuned Models

v0.1.0 | Last reviewed: 2026-05-09 (UTC) | ~90 min | pre-deployment | approval | medium

Purpose

Provide a repeatable approval path for fine-tuned models so production traffic is not routed to unreviewed weights, undocumented adapters, or unevaluated failure modes.

When to use

  • You are promoting a new fine-tuned checkpoint (full or LoRA) beyond staging.
  • The base model is third-party or open-weights and your delta is non-trivial.
  • Governance requires evidence of data, evaluation, and ownership for this release class.

Prerequisites

  • Model card draft exists and lists base model, training data sources, and intended use.
  • Offline or shadow evaluation completed with documented pass criteria.
  • Rollback path defined (prior checkpoint ID or feature flag).

Steps

1. Confirm scope and ownership

Type: manual
Owner: ML platform lead
SLA: 1 business day

Verify the model card names a single accountable owner for the release and that the declared use case matches what product and security expect. Flag scope creep before deeper checks.

[IR / editorial review] Confirm owner titles and escalation path match your organization.

2. Validate training data and licensing

Type: manual
Owner: Data governance
SLA: 2 business days

Confirm provenance and license compatibility for every training split that influenced this checkpoint. Record dataset IDs or internal catalog references in the model card.

3. Attach evaluation summary

Type: file_upload
Owner: ML engineer
SLA: 2 business days

Upload the latest evaluation packet (safety, quality, regression). Redacted customer examples are acceptable; the file name should include the checkpoint ID.

4. Security review for extraction and abuse

Type: form
Owner: Application security
SLA: 2 business days

Complete the standard AI release questionnaire: prompt injection surface, PII handling, tool use (if any), and known jailbreak tests attempted.

5. Release approver sign-off

Type: approval
Owner: Security operations leader
SLA: 1 business day

Named approver attests that steps 1–4 are satisfied and that production traffic may proceed per the rollback plan.

6. Notify routing / platform

Type: webhook
Owner: ML platform
SLA: same day

Trigger the internal change ticket or deployment workflow that records the approved checkpoint and timestamp (implementation-specific).
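
Added example (not part of the runbook or any specific platform): a pre-routing gate that the step 6 workflow could run to confirm the evidence from steps 1–5 is present and bound to the checkpoint being released. The record layout and all field names (checkpoint_id, rollback_to, owners, dataset_ids, eval_file, security_questionnaire, signoff) are assumptions made for illustration.

```python
# Added example: field names are assumed, not a schema defined by the runbook.
SECURITY_FIELDS = ("prompt_injection_surface", "pii_handling", "tool_use", "jailbreak_tests")

def release_blockers(rec):
    """Return reasons the checkpoint must not receive production traffic ([] = clear)."""
    blockers = []
    ckpt = rec.get("checkpoint_id", "")
    if not ckpt:
        blockers.append("checkpoint_id missing")
    # Prerequisite: rollback path (prior checkpoint ID or feature flag).
    rollback = rec.get("rollback_to", "")
    if not rollback:
        blockers.append("rollback path not defined")
    elif rollback == ckpt:
        blockers.append("rollback target is the checkpoint under release")
    # Step 1: the model card names a single accountable owner.
    if len(rec.get("owners", [])) != 1:
        blockers.append("step 1: model card must name a single accountable owner")
    # Step 2: dataset IDs or catalog references are recorded.
    if not rec.get("dataset_ids"):
        blockers.append("step 2: no dataset IDs or catalog references recorded")
    # Step 3: the evaluation packet file name includes the checkpoint ID.
    if not ckpt or ckpt not in rec.get("eval_file", ""):
        blockers.append("step 3: evaluation file name does not include checkpoint ID")
    # Step 4: every questionnaire item is answered ("none" counts as an answer).
    answers = rec.get("security_questionnaire", {})
    for field in SECURITY_FIELDS:
        if not str(answers.get(field, "")).strip():
            blockers.append(f"step 4: questionnaire field '{field}' unanswered")
    # Step 5: a named approver signed off on this checkpoint, not an earlier one.
    signoff = rec.get("signoff", {})
    if not signoff.get("approver"):
        blockers.append("step 5: no named approver")
    elif signoff.get("checkpoint_id") != ckpt:
        blockers.append("step 5: sign-off refers to a different checkpoint")
    return blockers

# Constructed sample records (not real releases).
GOOD = {
    "checkpoint_id": "ft-0042", "rollback_to": "ft-0041", "owners": ["ml-platform-lead"],
    "dataset_ids": ["catalog/ds-17"], "eval_file": "eval-packet-ft-0042.pdf",
    "security_questionnaire": {"prompt_injection_surface": "chat input only",
        "pii_handling": "redacted at ingest", "tool_use": "none", "jailbreak_tests": "suite v3 run"},
    "signoff": {"approver": "secops-lead", "checkpoint_id": "ft-0042"},
}
# A newer checkpoint submitted with the previous release's evidence and approval.
STALE = dict(GOOD, checkpoint_id="ft-0043")

if __name__ == "__main__":
    print(release_blockers(GOOD), release_blockers(STALE), sep="\n")
```

The STALE record shows the case the gate is mainly for: evidence and sign-off that exist but belong to an earlier checkpoint.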