# Agent Charter

## 1. Summary

| Field | Value |
| ----- | ----- |
| Agent name | Policy Knowledge Assistant |
| Use case ID | UC-001 |
| Business or operating context | HR policy support |
| Business owner | HR Operations Lead |
| Product owner | HR Knowledge Manager |
| Technical owner | M365 Platform Owner |
| Platform | Microsoft 365 Copilot extension |
| Environment | Pilot |
| Risk tier | Medium |
| Lifecycle status | Proposed |

## 2. Outcome

- Target outcome: Reduce routine HR policy response time and improve answer consistency.
- KPI baseline: Average first response time is 2 business days.
- KPI target: 80 percent of policy questions answered same day.
- Measurement method: Pilot analytics, sampled answer review, and HR ticket deflection.
- Review cadence: Weekly during pilot, monthly after release.

## 3. Scope

In scope:

- Answer questions from approved HR policy pages.
- Cite the source page used for each policy answer.
- Route employee-specific or ambiguous questions to HR operations.

Out of scope:

- Individual employment advice.
- Payroll corrections or benefits enrollment changes.
- Interpretation of policies outside the approved source library.

Prohibited actions:

- Create, update, or delete employee records.
- Provide legal advice or make eligibility determinations.
- Answer from unapproved files or personal chat history.

## 4. Users And Channels

- Target users: HR business partners and employees in the pilot group.
- User channel: Microsoft 365 Copilot.
- Authentication method: Entra ID.
- Authorization model: Current user permissions with SharePoint permission trimming.

## 5. Knowledge And Grounding

| Source | Purpose | Owner | Freshness | Permission Model | Compliance Notes |
| ------ | ------- | ----- | --------- | ---------------- | ---------------- |
| HR policy SharePoint library | Ground answers in approved policy content | HR Knowledge Manager | Daily | Microsoft 365 group permissions | Contains employment policy content |
| Regional HR FAQ pages | Answer region-specific questions | HR Operations Lead | Weekly | Region-based SharePoint groups | Archive stale pages before pilot |

Grounding pattern:

- RAG/search: Microsoft 365 Copilot grounding over approved SharePoint sources.
- API/tool access: None for pilot.
- MCP/connectors: None for pilot.
- Other: Source citation required for all policy answers.

## 6. Tools And Actions

| Tool Or Action | Read/Write | System | Required Permission | Approval Required | Audit Evidence |
| -------------- | ---------- | ------ | ------------------- | ----------------- | -------------- |
| Policy search | Read | SharePoint Online | Current user access | No | Copilot interaction logs and cited source |
| HR escalation link | Write draft only | HR ticketing intake | Pilot user access | User submits final request | Ticket intake audit log |

## 7. Orchestration

- Single-agent or multi-agent: Single-agent pilot.
- Orchestration approach: Grounded question answering with escalation when confidence or policy coverage is insufficient.
- Deterministic workflow points: Escalation link and ticket routing use fixed forms.
- Human approval points: User confirms before submitting any HR ticket.
- Fallback path: Direct users to HR operations when answer cannot be grounded.
- Escalation path: HR operations queue owned by the HR Knowledge Manager.

## 8. Memory, Retention, And Privacy

- Conversation history retention: Follow tenant Copilot retention policy.
- Business or operational data retention: No new business records created by the agent during pilot.
- Memory allowed: Session context only.
- Memory prohibited: Persistent memory containing employee-specific details.
- Sensitive data handling: Do not request personal employee details unless routing to HR intake.
- Deletion process: Use standard Microsoft 365 retention and deletion workflow.

## 9. Instructions And Prompt Library

- Instruction owner: HR Knowledge Manager.
- Versioning method: Managed prompt file in the HR pilot repository.
- Review process: Weekly review with HR operations and M365 platform owner.
- Approved prompt library location: HR pilot SharePoint workspace.
- Prompt evaluation method: Golden question set with source citation and escalation checks.

## 10. Security And Responsible AI Controls

| Control Area | Required Control | Evidence |
| ------------ | ---------------- | -------- |
| Identity and access | Entra ID and SharePoint permission trimming | Pilot access test results |
| Data loss prevention | Sensitivity labels on HR policy sources | Purview label review |
| Prompt injection defense | Ignore instructions embedded in source documents | Red-team test results |
| Content safety | Refuse unsupported employment advice | Golden test set review |
| Audit trail | Retain conversation and source evidence per tenant policy | Copilot usage export |
| Human oversight | Escalate ambiguous or employee-specific questions | Sample escalation log |
| Privacy and compliance | Do not store employee-specific memory | Privacy review signoff |
| Cost control | Monitor pilot usage weekly | Copilot usage dashboard |

## 11. Operations

- Telemetry location: Copilot usage dashboard and HR pilot review workbook.
- Dashboard owner: M365 Platform Owner.
- Support owner: HR Operations Lead.
- Incident process: Route suspected data exposure to security and privacy intake.
- Pause procedure: Remove pilot group access and disable app publication.
- Review cadence: Weekly during pilot.
- Retirement criteria: Retire if answer quality remains below 85 percent after source remediation.

## 12. Approval

| Role | Name | Decision | Date |
| ---- | ---- | -------- | ---- |
| Business owner | HR Operations Lead | Pending | 2026-06-20 |
| Product owner | HR Knowledge Manager | Pending | 2026-06-20 |
| Security | Security Reviewer | Pending | 2026-06-20 |
| Compliance/privacy | Privacy Reviewer | Pending | 2026-06-20 |
| Platform owner | M365 Platform Owner | Pending | 2026-06-20 |
| Operations owner | HR Operations Lead | Pending | 2026-06-20 |