Skip to main content

Research & Development

The 3-Tier AI Safety System: How We Govern LLM Deployment at Global University

A three-layer governance framework for deploying LLMs responsibly in enterprise and academic settings. Covers data classification, model-level safeguards, and organizational policy.

Office of AI Transformation, Global University
5 min read

AI governance failures happen at three different layers: the data going in, the model in the middle, or the organization around both. A framework that only addresses one layer leaves the other two exposed. The 3-Tier AI Safety System is the operational checklist we use across our own deployments and in our consulting engagements.

Quick answer

  • Tier 1 — Data. Classification, privacy, access control, retention. What the model is allowed to see.
  • Tier 2 — Model. Prompt-injection defense, hallucination detection, output filtering, audit logging. What the model is allowed to do.
  • Tier 3 — Organization. Acceptable use, incident response, training, review. How humans interact with the model.

Every enterprise LLM deployment we run passes all three tiers. No tier can be skipped.

Tier 1 — Data

Scope: everything about what data the AI system is allowed to ingest, process, store, and transmit.

Controls

  • Data classification. Every data source used by the AI system is classified: public, internal, confidential, restricted. Restricted data never leaves the on-premise environment without explicit consent + audit trail.
  • Access control. Role-based access on source systems. AI systems inherit the access rights of the calling user, not a super-account.
  • De-identification. For any data leaving the network to a cloud API, personal identifiers are stripped or pseudonymized before egress.
  • Retention. Written retention policies for prompts, completions, embeddings, and fine-tuning datasets. Matches or exceeds the retention policy on the source data.
  • Training-use restrictions. Vendor contracts explicitly forbid use of your data to train their models.

This is the most underserved tier. Most enterprises think first about guardrails on the model, but the highest-risk failures — data leakage, unauthorized access, cross-border exposure — originate at the data layer.

Tier 2 — Model

Scope: the technical safeguards around what the model is allowed to do with whatever data reaches it.

Controls

  • Prompt-injection defense. Content sourced from outside the system (user input, RAG documents, external APIs) is treated as untrusted. Structural prompt patterns prevent injection from escaping into system-prompt territory.
  • Output filtering. Deterministic filters on outputs: PII blocks, banned-topic filters, length and format validation.
  • Hallucination detection. For factual outputs, retrieval-anchored citation validation: every factual claim must map to a source document.
  • Rate limiting and abuse detection. Per-user and per-workflow limits. Anomaly detection on usage patterns.
  • Audit logging. Every prompt, completion, and tool call is logged with user, timestamp, source system, and governance metadata. Logs are retained per Tier 1 retention policy.
  • Jailbreak monitoring. Regular red-team exercises against the production system to catch evolving attack patterns.

Tier 3 — Organization

Scope: policies, training, and processes that govern how humans deploy, use, and respond to incidents involving the AI system.

Controls

  • Acceptable use policy. Written, signed, and annually reviewed. Covers approved use cases, prohibited use cases, and escalation paths.
  • Training. All users of the AI system complete onboarding on safe use patterns, prompt hygiene, and when to escalate to a human. Our AI Academy runs customized versions of this for enterprise clients.
  • Reviewer gates. For high-stakes or customer-facing outputs, human-in-the-loop review for the first 30 days of production.
  • Incident response playbook. Detection, containment, assessment, notification, and root-cause analysis. Rehearsed annually via tabletop exercise.
  • Governance review board. Cross-functional (legal, security, business, technical) body that reviews new AI deployments before launch and active deployments quarterly.
  • Transparency to data subjects. Where AI influences customer-facing decisions, this is disclosed in privacy notices and, where required by law (GDPR Art. 22), explicit opt-out is offered.

How to adopt the framework

  1. Audit your current posture across all three tiers. Most teams find they have partial Tier 2 coverage (filters, some logging), minimal Tier 1 (data classification gaps), and informal Tier 3 (no written policy).
  2. Close Tier 1 first. Data classification and access controls are prerequisites for everything else. Without them, Tier 2 controls operate on unknown-quality inputs.
  3. Implement Tier 2 as code. Filters, audit logging, and prompt-injection defenses should live in reusable libraries, not per-project implementations.
  4. Write the Tier 3 policies and rehearse the incident response. An un-rehearsed incident plan fails at incident time.
  5. Audit annually. Regulations and attack patterns both evolve. The framework is not static.

Next step

The 3-Tier Safety System is a standing deliverable in our governance and risk advisory engagements. For institutions implementing it on their own, the framework is published under a permissive license — contact us for the detailed control catalog.

FAQ

Frequently asked questions

The 3-Tier AI Safety System is a governance framework the Office of AI Transformation uses to deploy LLMs responsibly. Tier 1 covers data classification, privacy, and access. Tier 2 covers model-level safeguards — prompt-injection defense, hallucination detection, output filtering, audit logging. Tier 3 covers organizational policy — acceptable use, incident response, training, and review.

Because the failure modes live at three different layers. A model-level guardrail does not help if the data feeding the model was mis-classified. An organizational policy is useless if the technical logging to enforce it was never implemented. The three tiers correspond to three distinct failure domains — all three must be designed, not just one.

It is narrower and operational. Responsible AI is a set of principles. The 3-Tier Safety System is a checklist of specific technical and organizational controls. Each control has an owner, a review cadence, and a failure criterion. Principles are aspirational; the 3-Tier system is auditable.

Yes. The 3-Tier framework is published as a methodology. The technical controls can be implemented against OpenAI, Anthropic, Google, open-weight models, or any combination. The organizational controls are vendor-agnostic. Our engineering team can help implement it, but the framework itself is not tied to any single stack.

The 3-Tier system is designed to satisfy Lebanon Law 81/2018, GDPR, the EU AI Act (high-risk AI provisions), and standard banking-sector requirements simultaneously. It was explicitly architected around the intersection of those regimes, plus pragmatic operational concerns.

Share this article

Share on XLinkedInFacebook
3-Tier AI Safety System: Enterprise LLM Governance Framework | Office of AI Transformation - Global University | Office of AI Transformation - Global University