Keep, Fix, or Kill is the working framework HIP applies inside every Agentic AI Readiness Audit. Each tool is scored against four criteria and assigned one verdict. The output is not a long list; it is a short, sequenced plan leadership can execute. This page is the framework, the criteria, and how the verdict gets reached.
The criteria are deliberately small. Four. Each is binary or near-binary. The verdict reaches a written decision per tool, not a workshop per tool. Speed matters because the inventory can become large quickly.
Scoring is documented per tool so the decision survives the next leadership rotation. A future operator can reread the Audit and understand why the verdict landed where it did.
Does the tool’s data-handling contract permit the data class the firm is putting through it? Public marketing copy is one answer; client PII, fund data, or privileged work is another. Mismatch is fatal regardless of how useful the tool is.
Does the tool measurably move a workflow leadership cares about? Drafting cycles, response times, deal-team capacity, RM throughput. Without a measurable lift, the tool is not earning its place even when the data-class fit is clean.
Does the vendor offer the DPA, sub-processor disclosure, sovereign-residency option, and audit-trail features a regulated firm needs? Or is it consumer-grade with no upgrade path? The contract has to be in writing, not aspirational.
Is there a named owner of the tool inside the firm who is accountable for its use, its renewal, and its retirement? Tools without owners drift. The Audit either names an owner or the tool moves to the kill pile.
Scores cleanly on all four criteria. Stays in production under the governance line, in the inventory, with a named owner and a quarterly review trigger.
Score fails on vendor posture but the tool is otherwise valuable. Path: upgrade to enterprise tier, sign a tighter DPA, switch to sovereign-residency option, or amend the contract. Verdict ships with a price tag and a turnaround commitment.
Tool is doing useful work but the vendor cannot reach the bar. Replace with a sanctioned alternative that does the same job under the firm’s governance line. Verdict ships with a named replacement and a migration plan.
No combination of fixes resolves the data-class fit, throughput impact, or vendor posture. The tool comes out. Sanctioned alternatives are named where they exist. Where they do not, the workflow returns to manual until something fit-for-purpose lands.
Three categories keep the decision clear. Five categories degrade into ambiguity. Where a verdict feels unclear, the framework treats that ambiguity as a Fix outcome with a named subcategory.
Yes, indirectly. A tool can be Keep for one data class and Kill for another. The Audit produces verdicts per tool by data class, not per tool alone. The output is still binary at the cell level so the operating posture remains executable.
The full Audit takes 2 to 6 weeks depending on scope. Follow-on implementation, if any, is scoped separately and owned personally by Josef.
HIP applies it inside Agentic AI Readiness Audits. Other operators are welcome to use the framework directly; the criteria and verdicts are public and named precisely for that reason. Where a firm wants the discipline applied by Josef Holm, that is what the Audit provides.
The framework is public. The discipline of applying it inside a time-boxed Audit, with written verdicts that survive a regulator question, is what the Audit delivers. Apply to work with HIP to begin.