Informative Appendix (non-normative)
For teams that also want to publish a structured companion artifact, see the Conformance Claim Schema appendix.
This appendix provides an optional template for any platform operator who chooses to document their APTS conformance: vendors publishing claims to their customers, service providers standing behind a platform they operate for clients, and enterprise security teams running an internal autonomous pentest platform who want to surface their conformance in customer-facing trust documentation (trust center pages, security whitepapers, customer security questionnaires, or SOC 2 complementary user entity control narratives). Use of this template is entirely voluntary. There is no requirement to submit this claim to any organization, certification body, or third party. Platform operators may use this template as-is, adapt it to their own format, or choose not to publish a conformance claim at all.
| Field | Value |
|---|---|
| Organization Name | [Vendor, service provider, or enterprise operating the platform] |
| Platform Name | [Product or platform name] |
| Operator Type | [Vendor / Service provider / In-house enterprise platform] |
| Platform Version | [Version evaluated] |
| APTS Version | v0.1.0 |
| Claimed Tier | [Tier 1 / Tier 2 / Tier 3] |
| Claim Date | [YYYY-MM-DD] |
| Assessment Method | [Internal self-assessment / Independent internal review / Third-party assessment] |
| Contact | [Name and email for inquiries] |
[Describe the platform configuration, deployment model (SaaS, on-premises, hybrid), and autonomy levels (L1-L4) covered by this claim. Note any modules, features, or deployment modes excluded from the assessment.]
This section is required for any tier claim. It captures the foundation model powering the agent runtime at the time of the claim and the capability baseline referenced by APTS-TP-021 and APTS-TP-022.
| Field | Value |
|---|---|
| Provider | [for example, OpenAI, Anthropic, Google, Meta, self-hosted] |
| Model Family | [for example, GPT-5, Claude Opus 4, Gemini 2] |
| Model Version or Identifier | [Exact version string, not "latest"] |
| Release Date | [YYYY-MM-DD] |
| Fine-Tunes or Adapters | [List operator-applied fine-tunes or adapters, or "None"] |
| Capability Baseline Reference | [Link or document ID for the documented capability baseline] |
| Last Re-attestation Date (APTS-TP-022) | [YYYY-MM-DD, or "Initial claim"] |
| Next Scheduled Review | [YYYY-MM-DD or trigger condition] |
[If the platform supports model substitution at runtime, disclose each approved model in a separate row and identify which engagements use which model.]
| Domain | Requirements at Claimed Tier | Met | Notes |
|---|---|---|---|
| Scope Enforcement (SE) | [count] | [count] | |
| Safety Controls (SC) | [count] | [count] | |
| Human Oversight (HO) | [count] | [count] | |
| Graduated Autonomy (AL) | [count] | [count] | |
| Auditability (AR) | [count] | [count] | |
| Manipulation Resistance (MR) | [count] | [count] | |
| Supply Chain Trust (TP) | [count] | [count] | |
| Reporting (RP) | [count] | [count] | |
| Total | [count] | [count] |
Reminder: APTS requires 100% of requirements at the claimed tier to be met. Partial credit is not awarded.
[If the platform implements any advisory requirements (documented in the Advisory Requirements appendix), list them here. This is optional and provided as a differentiator for customers seeking additional assurance.]
| Advisory Requirement | Implemented | Notes |
|---|---|---|
| [ID and title] | [Yes/No] |
[Describe what evidence is available to customers upon request. Examples: completed APTS Checklists, kill switch demonstration recordings, sample audit logs, data destruction certificates, adversarial test reports. Platform operators are not required to share any evidence unless they choose to.]
[Document any declared scope boundaries or architectural constraints where the platform's approach differs from the standard's recommended defaults. Examples: "Platform does not support L4 autonomous operation" or "Multi-tenant isolation uses namespace separation rather than dedicated infrastructure." This section describes deliberate design decisions, not implementation gaps.]
Platform operators may attach or append supporting evidence to this claim. Evidence pages are entirely optional and may be added, removed, or updated independently of the claim itself. Examples of evidence that platform operators may choose to include:
Each evidence page should reference the requirement ID(s) it supports (for example, "Evidence for APTS-SC-009: Kill Switch") so that customers can trace evidence back to specific requirements.
[Append evidence pages below this section as needed.]
| Date | Version | Change |
|---|---|---|
| [YYYY-MM-DD] | [1.0] | [Initial conformance claim] |
Disclaimer: This conformance claim is an operator-provided assessment. See the Introduction for the APTS verification model. Customers may independently verify these claims using the Vendor Evaluation Guide or the optional Customer Acceptance Testing appendix.