# SCRIMED Trust Safety Incident Report

Incident ID: trustops-claims-substantiation-gate
Title: Unsupported public claim, sales claim, or advertising claim needs substantiation
Generated: 2026-07-16T07:38:44.161Z
Severity: high
Status: contained
Owner: Claims, marketing, legal, and product owner
Accountable agent: Claims And Legal Guard
Source channel: Claims And Content Watch
Created: 2026-06-16T09:10:00.000Z
Updated: 2026-06-16T09:10:00.000Z
Legal-hold status: watch

## Boundary
SCRIMED Trust and Safety Operations is an operating model and product control layer for synthetic evaluations, protected pilots, and enterprise readiness. It does not create legal advice, compliance certification, 24/7 managed SOC/MDR coverage, production clinical monitoring, or authorization for live clinical execution.

## Trigger Signal
Language suggests certification, clinical outcome, guaranteed ROI, partnership, production readiness, or patient treatment capability without approved evidence.

## Affected Surface
- website copy
- sales packets
- pricing
- PR and advertising

## Buyer And Company Impact
Keeps SCRIMED credible with health systems, payers, investors, regulators, and enterprise counsel by forcing claims to match current capability.

## Containment
Block publication and replace with current-boundary language until evidence and approvers are attached.

## Remediation Plan
Route each quantified or regulated claim through the claims register with dated evidence, approved channel, limitation, and accountable approver.

## Evidence Routes
- /claims
- /trust-center
- /market-activation
- /api/enterprise-readiness/claims

## Audit Events
- claim-blocked
- evidence-required
- approved-boundary-replacement-used

## Improvement Actions
- Require claims-register entry before publishing new marketing copy.
- Keep synthetic-pilot boundary visible in buyer and investor artifacts.
- Escalate regulated health, compliance, and ROI claims to qualified external reviewers.

## Severity SLA
- Response target: Same-business-day owner assignment in protected pilots; faster for production incidents once staffed.
- Containment target: Block publication, export, connector action, or claim until reviewed.
- Executive escalation: Founder plus accountable domain owner.
- Required reviewers: domain owner, legal/privacy/security as applicable, product owner

## Production Boundary
This gate is not legal advice or advertising clearance; final external claims require qualified counsel and appropriate domain reviewers.

## Remaining Limitations
- Production managed 24/7 coverage still requires staffed on-call/SOC/MDR coverage, contracts, tabletop exercises, customer-specific runbooks, and external security review.
- Tenant TrustOps storage is designed for synthetic pilots and enterprise readiness; regulated production incidents still require customer-approved live-data boundaries, breach analysis, notification decisions, and forensic process.
- The TrustOps Supabase migration must be applied and authenticated-smoke-tested in each environment before tenant mutation routes are used with buyers.
- Clinical, legal, privacy, security, copyright, trademark, reimbursement, and advertising determinations still require qualified human reviewers.