Constraints
LMU/COICP Example
Constraints Example
Record LMU/COICP non-negotiable constraints so internal-review scope, AI disablement, synthetic data, role-based access, emergency boundaries, and sensitive-record exclusions do not expand by accident.
ES-102
Constraints
Boundaries
Example purpose
This artifact captures the non-negotiable constraints that shape LMU/COICP requirements.
Constraints protect the project from drifting into operational use, real incident handling, emergency response, sensitive records, uncontrolled AI, or broad visibility.
Project
LMU Campus Operations and Incident Coordination Platform
Document control
| Field |
Value |
| Artifact owner |
COICP Product Owner |
| Primary reviewers |
COICP Product Engineer, Architecture Review Board chair, IT security reviewer, AI reviewer, Compliance reviewer, Campus Safety liaison |
| Status |
Accepted for ES-102 requirements baseline |
| Last updated |
2026-07-06 |
| Related Engineering Stage |
ES-102 — Requirements and Constraints |
| Project workspace target |
docs/project-workspace/requirements/constraints.md |
Requirements context
| Field |
Value |
| Source vision package |
ES-101 — Vision and Problem Definition |
| Requirements baseline produced |
LMU-COICP-REQ-001 |
| Planning baseline expected next |
LMU-COICP-PLAN-001 |
| Architecture baseline expected later |
LMU-COICP-ARCH-001 |
| Design baseline expected later |
LMU-COICP-DES-001 |
| Implementation baseline expected later |
LMU-COICP-IMPL-001 |
| Integrated baseline expected later |
LMU-COICP-INT-001 |
| Release candidate expected later |
LMU-COICP-RC-001 |
| Downstream release posture |
Internal engineering review only |
| Planned downstream review environment |
LMU-COICP Internal Engineering Review Environment |
| Planned downstream dataset |
Spring Semester Synthetic Incident Dataset |
| Planned downstream synthetic records |
421 |
| Planned downstream reviewer accounts |
24 |
| Planned downstream review window |
March 18–22, 2026 |
| AI Incident Summary |
Deferred / disabled |
| Operational pilot |
Not approved |
Constraint register
| ID |
Constraint |
Scenario Driver |
Type |
Impact |
Status |
| C-001 |
The system shall not replace emergency dispatch or emergency notification systems. |
COICP-SYN-322 |
Operational / Governance |
Requires block/redirect behavior and no normal incident creation for emergency-related input. |
Accepted |
| C-002 |
The system shall not store medical, clinical, law-enforcement, disciplinary, student-conduct, or real campus incident records. |
all scenarios |
Legal / Policy |
Limits data model, use cases, access rules, synthetic dataset, review exports, and operations. |
Accepted |
| C-003 |
AI Incident Summary shall remain disabled through LMU-COICP-RC-001. |
all scenarios |
AI / Governance |
Requires AI disabled UI/configuration and no active AI data path. |
Accepted |
| C-004 |
Any future AI-generated summary shall not become official without accountable human review and acceptance. |
future AI only |
AI / Governance |
Requires future HumanReviewAction workflow before enablement. |
Accepted |
| C-005 |
Access to incident records shall be role-based and scenario-scoped. |
COICP-SYN-204 |
Security / Privacy |
Requires role matrix, Access Control Service, denied-action testing, and limited review package access. |
Accepted |
| C-006 |
Internal engineering review shall use only the Spring Semester Synthetic Incident Dataset. |
all scenarios |
Data / Compliance |
Limits downstream records to 421 synthetic records. |
Accepted |
| C-007 |
Internal engineering review shall use only approved reviewer accounts. |
all scenarios |
Security / Operations |
Limits downstream review access to 24 approved reviewer accounts. |
Accepted |
| C-008 |
The system shall preserve evidence sufficient to reconstruct selected scenario timelines. |
COICP-SYN-118, 219 |
Evidence / Governance |
Requires EvidenceEvent model and later reviewability tests. |
Accepted |
| C-009 |
The baseline shall not depend on broad enterprise integration to prove coordination value. |
COICP-SYN-407 |
Planning / Architecture |
Prevents expansion into enterprise ITSM or production integration. |
Accepted |
| C-010 |
Retention, access, and cleanup expectations must be reviewed before any real-user or production consideration. |
all scenarios |
Compliance / Governance |
Carries retention and cleanup decisions into architecture, operations, monitoring, and governance. |
Open |
| C-011 |
The system shall not make autonomous incident command, escalation, closure, discipline, blame, liability, or communication-approval decisions. |
all scenarios |
AI / Operational / Governance |
Requires human decision points and prohibited automation tests. |
Accepted |
| C-012 |
Operational pilot is not approved by this requirements baseline. |
all scenarios |
Release / Governance |
Prevents release/deployment language from implying real operational use. |
Accepted |
Explicit prohibitions
- No operational pilot approval.
- No production use.
- No real campus incident data.
- No emergency dispatch replacement.
- No emergency notification system replacement.
- No medical, clinical, law-enforcement, disciplinary, student-conduct, or unapproved sensitive records.
- No autonomous incident command.
- No automated discipline, blame, liability, closure, escalation, or communication approval.
- No unrestricted campus-wide visibility.
- No AI Incident Summary in RC-001.
- No hidden AI-generated official evidence.
- No review export that bypasses access control.
- No release without evidence for access, reviewability, AI disablement, emergency-boundary handling, and synthetic-data control.
Constraint risks
| Risk |
Scenario |
Impact |
Mitigation |
| Emergency-related input becomes normal incident. |
COICP-SYN-322 |
scope and safety violation |
block/redirect and Campus Safety wording review |
| Residence Life can export unrelated records. |
COICP-SYN-204 |
privacy/access violation |
scenario-scoped access and denied export test |
| AI summary appears in UI. |
all |
governance failure |
disabled feature flag and AI verification |
| Handoff occurs without evidence. |
COICP-SYN-118 |
auditability failure |
evidence event required and failure test |
| Real data is entered during review. |
all |
compliance issue |
synthetic-only rule and cleanup procedure |
| IT scenario expands into ITSM replacement. |
COICP-SYN-407 |
scope drift |
keep as optional ownership/handoff extension |
| Internal review is mistaken for operational approval. |
all |
release/governance risk |
preserve internal-review-only language |
Continue to Use Cases
Translate requirements into realistic university workflows.
Open Use Cases →