A Decision Authority Register is a control-plane governance artifact that records the consequential decisions an organization has committed to governing structurally.

| Decision | Boundary | Curated action | Collapse |
|---|---|---|---|
| Production deployment | Unreachable without validated artifact provenance and correct workflow state | `promote_to_production(artifact_digest)` | Authority collapses after completion |
| Privileged debugging | Unreachable without an active incident and service scope | `request_diagnostic_view(service, incident_id)` | Session ends when the incident closes |
| Agent external action | Unreachable without verified context and approval state | `execute_approved_action(task, approval)` | Tool authority collapses when the task ends |
## DAR versus a risk register
A risk register records exposures, threats, likelihood, impact, ownership, and treatment. A DAR focuses on the small number of consequential decisions where intent becomes authority: production change, privileged access, data movement, identity delegation, supplier access, security-control modification, and agent tool use.
Its purpose is to make the governance path explicit enough for security, platform, product, operations, and leadership to build and measure together.
## The four-part format
Each entry should name the consequential decision, the bounded transition, the curated action, and the collapse trigger. The boundary should be written as “unreachable unless …,” not as a guideline. The curated action is the supported interface. Collapse defines how authority ends when the mission ends.
This format converts a broad statement such as “production deployment must be secure” into a buildable control-plane contract.
## When a category counts as governed
Documentation alone is not structural coverage. A category counts as governed when the boundary is enforceable in the control plane, a curated action covers the real work, authority collapses automatically and reliably, and the paved road handles the great majority of executions.
Until those conditions hold, the entry represents intent and product backlog—not a completed governance claim.
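As an added example (not code from the original page), the four-part entry format and the governed-versus-intent test above are encoded as data and checks: a row carries the decision, boundary, curated action and collapse trigger, and it counts as governed only when the boundary is enforced in the control plane, the action covers the real work, collapse is automatic and the paved road carries most executions. The field names, the 90% paved-road threshold and the execution counts are assumptions.

```python
from dataclasses import dataclass
import re
BOUNDARY_RE = re.compile(r"^unreachable (without|unless)\b", re.IGNORECASE)  # contract, not guideline
ACTION_RE = re.compile(r"^[A-Za-z_]\w*\([^()]*\)$")  # a concrete interface such as action(args)

@dataclass
class DarEntry:
    decision: str
    boundary: str
    curated_action: str
    collapse: str
    # Evidence of structural coverage (assumed field names; the four conditions are the page's).
    boundary_enforced: bool = False        # enforced in the control plane, not only documented
    action_covers_real_work: bool = False  # the paved road can finish the real job
    collapse_automatic: bool = False       # authority ends without anyone remembering to revoke
    paved_road_executions: int = 0
    total_executions: int = 0

def validate_format(entry: DarEntry) -> list[str]:
    """Format problems with a four-part entry; an empty list means it is well-formed."""
    problems = []
    if not BOUNDARY_RE.match(entry.boundary):
        problems.append("boundary must read 'unreachable without/unless ...'")
    if not ACTION_RE.match(entry.curated_action):
        problems.append("curated action must name a concrete interface like action(args)")
    if not entry.collapse.strip():
        problems.append("collapse trigger is missing")
    return problems

def coverage_status(entry: DarEntry, paved_road_min: float = 0.9) -> tuple[str, list[str]]:
    """'governed' only when the entry is well-formed and all four conditions hold; else 'intent' plus gaps."""
    share = entry.paved_road_executions / entry.total_executions if entry.total_executions else 0.0
    checks = [
        (entry.boundary_enforced, "boundary is documented but not enforced in the control plane"),
        (entry.action_covers_real_work, "curated action does not cover the real work"),
        (entry.collapse_automatic, "authority does not collapse automatically"),
        (share >= paved_road_min, f"paved road handles {share:.0%} of executions, below {paved_road_min:.0%}"),
    ]
    gaps = validate_format(entry) + [msg for ok, msg in checks if not ok]
    return ("governed" if not gaps else "intent", gaps)

# Constructed sample register (counts made up) from the page's rows; the third row is deliberately a guideline with no collapse trigger.
REGISTER = [
    DarEntry("Production deployment", "Unreachable without validated artifact provenance and correct workflow state",
             "promote_to_production(artifact_digest)", "Authority collapses after completion", True, True, True, 980, 1000),
    DarEntry("Privileged debugging", "Unreachable without an active incident and service scope",
             "request_diagnostic_view(service, incident_id)", "Session ends when the incident closes", True, True, True, 60, 100),
    DarEntry("Agent external action", "Agents should get approval before acting externally",
             "execute_approved_action(task, approval)", "", True, False, False, 0, 0),
]
```

Only the first row is a completed governance claim; the second has a working paved road that still carries too few executions, and the third is intent and backlog until its boundary and collapse trigger are rewritten as contracts.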
## How to start
Keep the first register small. Choose five to twelve high-entropy decision categories, then select one high-authority, frequent workflow under real pressure. Define the first unsafe trajectory to delete and turn that deletion into the first fully governed DAR row.
Repeated exceptions should feed the roadmap. A bypass may reveal a missing action, slow authority minting, poor collapse behavior, or a legacy path that remains easier than the governed one.