1. Map the data before building the agent

Identify which personal data, business records, documents and systems the workflow may touch.

2. Define the purpose of the workflow

Document why the agent is being used and what business task it supports. Avoid vague or open-ended access.

3. Minimise the data the agent can access

Give the agent only the sources and fields it needs. Do not expose entire systems when a scoped connector or filtered index would work.

4. Use role-based access and least privilege

The agent should inherit or respect user roles and workflow permissions rather than becoming a shortcut around normal controls.

5. Add audit logs for retrievals and tool calls

Record what the agent retrieved, which tools it called, what it output and whether a human approved or corrected it.

6. Review model-provider and hosting options

Provider settings, data retention, region controls and contractual terms should match the client's data-processing requirements.

7. Keep human approval for sensitive actions

Emails, external messages, financial actions, data exports and irreversible operations should have explicit approval gates where risk requires it.

8. Document retention and deletion rules

Agree how long logs, prompts, retrieved content and project data are kept, and how deletion or access requests will be handled.
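
One way to enforce steps 3, 4, 5 and 7 in code is a thin gateway that sits between the agent and its data sources and tools. The sketch below is an added example, not part of the original checklist; the role names, field scopes, tool names and sample record are constructed assumptions.

```python
import json
import time

# Assumed policy (steps 3-4): per role, the fields of each source the agent may read.
FIELD_SCOPE = {
    "support": {"customers": {"id", "name", "plan"}},
    "finance": {"customers": {"id", "name", "plan", "iban"}},
}
# Assumed list of tools that need explicit human approval (step 7).
NEEDS_APPROVAL = {"send_email", "export_data", "make_payment"}
AUDIT_LOG = []  # stand-in for an append-only store with agreed retention (step 8)

# Constructed sample data standing in for a real scoped connector.
SOURCES = {"customers": {"c1": {"id": "c1", "name": "A. Example", "plan": "pro",
                                "iban": "XX00-CONSTRUCTED", "notes": "internal"}}}

def audit(user, role, kind, target, outcome, detail=None):
    """Step 5: record who did what. Log field and argument names, never values."""
    AUDIT_LOG.append(json.dumps({"ts": time.time(), "user": user, "role": role,
                                 "kind": kind, "target": target,
                                 "outcome": outcome, "detail": detail}))

def retrieve(user, role, source, key):
    """Return only the fields the calling user's role is scoped to."""
    allowed = FIELD_SCOPE.get(role, {}).get(source)
    if not allowed:  # unknown role or unscoped source: deny by default
        audit(user, role, "retrieve", f"{source}/{key}", "denied")
        raise PermissionError(f"role {role!r} has no scope on {source!r}")
    view = {f: v for f, v in SOURCES[source][key].items() if f in allowed}
    audit(user, role, "retrieve", f"{source}/{key}", "ok", sorted(view))
    return view

def call_tool(user, role, tool, args, approved_by=None):
    """Hold sensitive tools until a named human approves; audit every attempt."""
    if tool in NEEDS_APPROVAL and approved_by is None:
        audit(user, role, "tool", tool, "pending_approval", sorted(args))
        return {"status": "pending_approval"}
    audit(user, role, "tool", tool, "executed", {"approved_by": approved_by})
    return {"status": "executed"}  # real tool dispatch would happen here
```

Because the audit record stores field and argument names rather than values, the log itself does not become a second copy of the personal data that the retention rules in step 8 would then have to cover.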