Approved — internal
Meridian State University · Office of the CIO · Enterprise Architecture
Restricted Internal
AI System Card

MSU AI Gateway

Document type: AI System Card
Version: 3.0
Owner: Enterprise Architecture
Approver: AI Governance Committee + ISO
Serves: Meridian GPT (service)
Visibility: Restricted Internal
Last reviewed: 2026-05-01
Next review: 2026-08-01

1. System purpose & scope

The MSU AI Gateway is the configured institutional deployment that powers Meridian GPT. It brokers user requests to vendor model endpoints, enforces data and access controls, and produces the audit trail governance relies on. Scope covers the web client, the API broker, and the connections to vendor models.

2. Architecture overview

A web client and API broker sit in front of multiple vendor model endpoints. The broker authenticates the user, applies rate limits, runs content and data-loss-prevention checks, forwards approved requests, and logs the exchange. No model weights are hosted locally; inference is performed by contracted vendors.

3. Model catalog & routing

Models offered
Reasoning model (vendor, text), fast assistant (vendor, text), and a vision-capable model (vendor, text + image), with an internal model summary recording local routing and approval notes.
Approved for
All vendor models approved up to Internal data; the vision model only for non-sensitive images. No model is approved for Confidential or regulated workloads.
Routing logic
The reasoning model is the default; users may switch manually. Image inputs route to the vision-capable model; high-volume, low-complexity tasks may route to the fast assistant.
Provider terms
All providers under contracted no-training terms, US region. Vendor model cards are public and linked from the model card.

4. Data flows & residency

Inbound
User prompts and uploaded files via authenticated session.
Processing
Vendor inference under contracted no-training terms, US region.
Stored
Conversation history (user-scoped) and access/usage logs (90-day retention).

5. Integrations & dependencies

  • Campus SSO for identity and conditional access
  • Data-classification service for input checks
  • SIEM for security monitoring and alerting
  • Optional LMS link to surface Meridian GPT in courses

6. Identity & access controls

University SSO with multi-factor authentication and role-based access. Model availability can be scoped per role. An emergency disable switch can suspend the service immediately if required.

7. Security & privacy controls

  • Contractual no-training and data-handling terms with vendors
  • Data-loss-prevention checks on prompts and uploads
  • Prompt/response logging for abuse review, access-controlled
  • Encryption in transit and at rest

8. Governance boundary

Approved for data up to and including Internal. Confidential and regulated workloads are out of scope and are routed to the Secure Research AI Cluster instead.
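
Added example, not the gateway's own code: a sketch of how the broker could combine the routing logic in section 3 with the boundary above, checking the data class before any model is selected. The "Public" class and its ordering, the model and cluster identifiers, the `image_sensitive` and `bulk_simple` flags, and the fail-closed handling of unclassified input are assumptions made for illustration.

```python
from enum import IntEnum

class DataClass(IntEnum):
    # Assumption: "Public" and this ordering; the card names only
    # Internal, Confidential and regulated.
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    REGULATED = 3

GATEWAY_CEILING = DataClass.INTERNAL           # section 8 boundary
SECURE_CLUSTER = "secure-research-ai-cluster"  # hypothetical identifier
# Hypothetical identifiers for the three catalog entries in section 3.
REASONING, FAST, VISION = "reasoning", "fast-assistant", "vision"
CATALOG = {REASONING, FAST, VISION}

def route(data_class, has_image=False, image_sensitive=False,
          user_choice=None, bulk_simple=False):
    """Return (decision, target, reason) for one classified request."""
    # Fail closed when the classification service gave no label (assumption).
    if not isinstance(data_class, DataClass):
        return ("deny", None, "input not classified")
    # Boundary check runs before any model selection, so a manual model
    # switch can never carry Confidential or regulated data to a vendor.
    if data_class > GATEWAY_CEILING:
        return ("redirect", SECURE_CLUSTER, f"{data_class.name} is out of scope")
    if user_choice is not None and user_choice not in CATALOG:
        return ("deny", None, "model not in catalog")
    if has_image:
        if image_sensitive:
            return ("deny", None, "vision model is for non-sensitive images only")
        return ("allow", VISION, "image input")
    if user_choice is not None:
        return ("allow", user_choice, "manual selection")
    if bulk_simple:
        return ("allow", FAST, "high-volume, low-complexity task")
    return ("allow", REASONING, "default")

if __name__ == "__main__":
    # Constructed sample requests, one per outcome.
    print(route(DataClass.INTERNAL))
    print(route(DataClass.CONFIDENTIAL, user_choice=FAST))
    print(route(DataClass.PUBLIC, has_image=True, image_sensitive=True))
    print(route(None))
```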

9. Change management & monitoring

Logging & monitoring
Prompts, responses, and usage logged with 90-day retention; access-controlled and forwarded to the SIEM for alerting.
Review cadence
Quarterly governance review (next 2026-08-01), plus an annual security review.
Change control
Enabling a new model, modality, tool, or integration requires AI Governance Committee + ISO sign-off before activation — treated as a material change.
Downstream limits
API access is allow-listed; downstream tools inherit the gateway's data-class boundary and may not widen it.

10. Review history

2026-05-01 · v3.0
Added vision-capable model endpoint; re-reviewed DLP rules.
2026-01-15 · v2.2
Expanded logging retention; annual security review passed.
2025-08-20 · v2.0
Initial production deployment and governance approval.

Review & approval
System owner — Enterprise Architecture
Information Security Office
AI Governance Committee
Date approved

Fictional example document for demonstration.