# RFP Checklist — KLA vs Fiddler (Regulated Agent Workflows)

Last updated: 2025-12-17 · Version v1.0  
Not legal advice.

## Audit deliverables (minimum viable)
- Monitoring plan + sampling policy (risk-tiered, auditable)
- Human oversight SOP + decision records (approvals, escalation, overrides)
- Evidence pack export bundle (manifest + checksums)
- Audit log retention policy + integrity verification
- Annex IV-style documentation export mapping (fields → evidence)

## What to verify (beyond “monitoring”)
- Can the system enforce **policy checkpoints** at decision time (block/review/allow)?
- Are approvals and overrides captured with identity/role, timestamps, reviewer context, and policy version?
- Can you export a verifiable evidence bundle for an auditor to validate independently?

## Where Fiddler typically fits
- Strengths: AI observability/monitoring programs and reporting.
- Common gap to close for audits: workflow-level governance (role-aware queues + policy enforcement evidence) and Annex IV-style export bundles tied to decisions.

Links:
- Compare page: `/compare/kla-vs-fiddler`
- Evidence pack checklist: `/resources/evidence-pack-checklist`
- Sample Evidence Room export: `/downloads/evidence-room-sample.pdf`