Section navigation
LIFRecord LifecycleCUSCustody SurfaceTAXRecord TaxonomyOPBOperator BoundaryPUBPublish BoundaryNCRNon-Creation PosturePVPreservation and Legal HoldVERVerification and AuditAGTAgent RuntimeDELDelegation and Memory

ARCS-CUS: Custody Surface

Foundation Profile

The ARCS-CUS family addresses the problem of where records actually reside and through which systems they move. The controls in this family govern identification of custodians, declaration of vendor involvement, and visibility into the surfaces through which records are stored, relayed, or exposed. These controls are grouped together because governance depends on custody visibility. Records cannot be governed reliably if the relevant holding and propagation surfaces are unknown, partial, or inferred only after the fact.

The formal definition and scope of this family are maintained in the Standard.

ControlDescription
CUS-01The operator SHALL define custody surface: all layers including application, storage, logging, safety, backup, analytics, model providers, infrastructure.
CUS-02The operator SHALL identify custodians: legal entity, system owner, data controller or processor, vendor.
CUS-03The operator SHALL map record location: category to storage system, vendor, retention policy, deletion control.
CUS-04The operator SHALL define multi-vendor propagation: which vendors receive records, what categories, whether vendors retain or derive.
CUS-05The operator SHALL disclose vendor retention: duration, configurability, suspension capability.
CUS-06The operator SHALL define custody surface during preservation: vendor notice, deletion suspension, unverifiable locations documented.
CUS-07The operator SHALL govern derived artifact custody: embeddings, safety classifications, telemetry, training feedback.
CUS-08The operator SHALL govern backup and archive custody: retention, deletion, preservation behavior.
CUS-09The operator SHALL produce custody surface disclosure sufficient for procurement, audit, legal, and regulatory purposes.
CUS-10Where agent delegation chains create records across multiple vendors, the operator SHALL map each vendor in the chain as a separate custody surface entry and assess the combined chain for custody fragmentation.
CUS-11Authorization-gap custody: where an agent creates records documenting actions not authorized by any party in the custody triad (user, operator, provider), the operator SHALL map custody obligations for those records regardless of authorization status.
CUS-12Vendor governance declarations: for each vendor surface, the operator SHALL obtain structured, dated, and verifiable documentation of retention duration, preservation capability, deletion support, and record acquisition modalities. Where vendor documentation is unavailable, treat as unknown surface and disclose.