Best Practices For Engineering Documentation

Yesterday, the AI Office published the third draft of the General-Purpose AI Code of Practice, a key regulatory instrument for AI providers seeking to align with the EU AI Act. Developed with input from 1,000 stakeholders, the draft refines previous versions by clarifying compliance requirements and introducing a structured approach to regulation. GPAI providers must meet baseline obligations on transparency and copyright compliance, while models classified as having systemic risk face additional commitments under Article 51 of the AI Act. The final version, expected in May 2025, aims to facilitate compliance while ensuring AI models adhere to safety, security, and accountability standards. The Code introduces the Model Documentation Form, requiring AI providers to disclose key details such as model architecture, parameter size, training methodologies, and data sources. Transparency obligations include specifying the provenance of training data, documenting measures to mitigate bias, and reporting compute power and energy consumption. GPI providers must also outline their models’ intended uses, with additional requirements for systemic-risk models, including adversarial testing and evaluation strategies. Documentation must be retained for twelve months after a model is retired, with copyright compliance mandatory for all providers, including open-source AI. GPAI providers must establish formal copyright policies and comply with strict data collection rules. Web crawlers cannot bypass paywalls, access piracy sites, or ignore the Robot Exclusion Protocol. The Code also requires providers to prevent AI-generated copyright infringement, mandate compliance in acceptable use policies, and implement mechanisms for rightsholders to submit copyright complaints. Providers must maintain a point of contact for copyright inquiries and ensure their policies are transparent. For AI models with systemic risk, the Code introduces a Safety and Security Framework, aligning with the AI Act’s high-risk requirements. Providers must assess risks in areas such as cyber threats, manipulation, and autonomous AI behaviours. They must define risk acceptance criteria, anticipate risk escalations, and conduct assessments at key development milestones. If risks are identified, development may need to be paused while safeguards are implemented. GPAI providers must introduce technical safeguards, including input filtering, API access controls, and security measures meeting at least the RAND SL3 standard. From 2 November 2025, systemic-risk models must undergo external risk assessments before release. Providers must maintain a Safety and Security Model Report, report AI-related incidents within strict timeframes, and implement governance structures ensuring responsibility at all levels. Whistleblower protections are also required. With the final version expected in May 2025, AI providers have a short window to prepare before the AI Act takes full effect in August.

I didn't turn up to my presentation for Deutsche Bank and AnitaB.org. I prepared the slides. I put a lot of thought into why each and every tip was important. Yet at the end of the day, I wasn't there... I was sick 🤢 Still, their loss is your gain, because I've turned everything from that presentation into a blog post for your convenience! 🥳 In it, I cover the core of presenting technical concepts and/or digitalisation proposals to non-technical stakeholders. SPOILER: it's more about listening and watching than it is about convincing! Here's the summary for those not wanting to read the whole thing: 🧐 Speak their language: ask about existing knowledge and establish what 'level' the stakeholder wants to speak at. No need to jump into architecture if they only want to know about personnel requirements. 😳 Cater to the lowest level in the room: Try to modify your explanations so that everyone gets it. Even those with more technical experience can learn from hearing a non-technical explanation. 🤩 Focus on collaboration and co-creation: Don't view it as a pitch, but rather as a chance to design a solution together. Be open to "teach don't preach" if they do look for more details. 👏 Be direct about resistance: Communicate options, and interpret resistance as an opportunity to put their minds at ease or to design a different solution together. 🤫 Practice active listening: 'Listening' sometimes happens with the eyes, not the ears. Look for moments when people tune out, change topics, or fidget more. You're losing your audience! 🚙 Use metaphors: Bridges, factories, post offices, architecture, and housing construction have all been metaphors I have used for explaining software engineering concepts to non-technical stakeholders. 🧙🏻♀️ Incorporate storytelling: Where possible, use real-world stories to illustrate processes, for example on how software engineering teams work using agile approaches, or versioning control. 😎 Be their resource: View these talks as the start of your relationship beyond this specific project. Position yourself to be their 'go to tech person' when they need something clarified. --- What do you think? #engineeringmanagement #technicalcommunication #strategiccommunication #pitching https://lnkd.in/eNQ5stUW

Ever feel lost trying to navigate a complex Piping & Instrumentation Diagram (P&ID)? You're not alone. These drawings are the universal language of process engineering, but their symbols and systems can be a challenge to master. I recently reviewed an excellent foundational guide from OPITO's Petroleum Processing Technology Series on "Process Flow & P&IDs." It's a fantastic resource that breaks down the essentials, covering: ✅ Standardized Symbols: From pipelines and valves to pumps and vessels. ✅ Pipeline Identification: Decoding line numbers, product designations, and insulation classes. ✅ Equipment & Instruments: Understanding tags for pumps (P), compressors (K), and control loops (e.g., FIC, LIC). ✅ Practical Applications: Real-world examples like control valve failure modes and safety interlock systems. Whether you're a new engineer, a seasoned operator, or a project professional working with technical teams, a solid grasp of P&IDs is non-negotiable for safety, efficiency, and clear communication. Key Takeaway: P&IDs aren't scale drawings, but they provide an accurate functional representation of the process. Learning to "read" them is a critical skill for anyone in our industry. What was the biggest "aha!" moment you had when first learning to interpret P&IDs? Or what's one tip you'd give to someone just starting out?

Number marking of components like Raw Number (Row No.), Table Number, Inverter String Number, and Equipment Numbers is crucial in Operations & Maintenance (O&M) and Breakdown Management for ground-mounted solar projects 1. Fast Fault Identification & Isolation When a fault is reported (e.g., string underperformance), number marking helps technicians quickly locate the exact table, row, or string inverter while online guidance Reduces time spent searching, enabling faster troubleshooting and repair. 2. Efficient Preventive Maintenance Maintenance teams can schedule and execute routine inspections, cleaning, and thermographic scans based on clear component IDs. Ensures no table/string is missed and all are periodically covered. 3. Streamlined Reporting & Documentation Component IDs (e.g., INV-04-STR-10, TB-15, RW-03) allow precise recording of events, repairs, or replacements. Enables data-driven performance tracking and root cause analysis over time. 4. Inventory & Spares Management Equipment tagged with unique IDs helps in matching spares correctly, avoiding mismatches or repeated ordering. Aids in tracking the life cycle and warranty of specific components. 5. Safety & Compliance Clear marking is essential for safe shutdown, isolation, and energization during work. Supports audit readiness and regulatory compliance (e.g., DISCOM or MNRE inspections). 6. Workforce Efficiency & Accountability Minimizes miscommunication between O&M team members. Helps assign and monitor tasks based on tagged components, improving team accountability.

NASA kept these photos from Apollo astronauts’ cuff‑checklists under “Restricted” access for years. No, it’s not proof that the moon landing was faked. What they hid from the public eye was far more sly. On Apollo missions, each astronaut wore a multi‑page cuff checklist. It’s the ultimate cheat‑sheet for their moonwalks. Hidden between the pages? A surprise the ground crew preferred taxpayers never saw. That stunt proves two things: Memory buckles under pressure. A well‑curated checklist can keep you on task and make you laugh. When the pressure is on, even highly trained astronauts rely on simple checklists. That same humble implement saved pilots and patients back on Earth. In 1935,  Boeing B‑17 crashed at the first test flight. A simple mistake from the pilot who missed to disengage a lock led to the  first 19‑item pre‑flight checklist. That practice transformed the aviation industry for the better and saved many lives throughout the decades. Fast forward to 2008, Harvard Prof and Surgeon Atul Gawande did a study in 8 countries to implement a 1 page checklist before every surgery. Surgical deaths got cut by 47 %. The WHO officials adopted this checklist as the gold standard to save lives globally. 5 tips for making your checklists bullet-proof 1. Make every item deterministic.  Obvious to say yes or no. When two different people read it, they must interpret it the same way.  Don’t say “Check analytics”.  Say “Analytics tested in GA Extension. Confirm equivalent behavior for control and test paths” 2. Aim for the Goldilocks scope.  Too generic “How to start a business” = junk.  Too narrow “How to add this specific button in this bespoke web page” = can’t reuse.  3. Engage the doers.  Early engagement creates ownership and gets natural compliance.  4. Update after every use Make it a team habit to update the checklist after every execution. 5. Use the right type of checklist. Read-Do for things that must be done and confirmed at each step (eg. Payroll Checklist) Do-Cofirm for multiple party checklists that need checkpoints (eg. Product Launch Checklist) At Boomerang, we use: *Product‑launch checklist – born during Boomerang for Yahoo (RIP) and still evolving 13 years later. *Pre‑ & Post‑flight experiment – our Year of Experiments yielded 7 pre and 5 post-flight items that rescued us *New‑hire onboarding – Google’s 5‑item checklist study shows 25% boost in productivity *Off‑site playbook – 28 retreats in, we know every power‑strip, Sharpie and lunch menu counts. Comment “Checklists” if you want the Boomerang checklists mentioned. Are you still waiting for what the secret NASA was hiding in the cuff checklists? You will have to listen to the episode 6 of Less Busy Lab linked in the comments. P.S. The first commenter who guesses the hidden Apollo photo gets a virtual coffee.  P.P.S. Hint: The time has changed and you can’t do that in this day and age.  P.P.P.S. Sharing this NASA story doesn’t mean I approve of what they did. 

How Are You Auditing AI Model Cards? I am certain of few things in this world of great change ... but I am going to go out on a limb and say that within six months (if not already) Boards and Management are going to be asking of Internal Audit: "So can you provide assurance ... by tomorrow ... over our model card?" And this will prompt a question you will quickly ask of AI - which as you will see by the end of this LinkedIn post is ironic!: "I have no idea what they are asking me to do; what is a model card?" I saw a great description of model cards being like a nutrition label for AI - a document that explains what an AI model is meant to do, how it was built, how well it performs, and what its risks or limitations are. A model card should help non-technical people - executives, regulators, customers (me!) - see if an AI system is safe, fair, and fit for purpose. (The Google Model Card page is worth a look: https://lnkd.in/g6z5-dHQ) Hmmm ... stakeholders wanting comfort that what they are using is safe and appropriate ... what function in an organisation could possibly help ... Stand up Internal Audit ... this is our time!!! And this is what we need to do. ~ Model Design & Purpose ~ 1 - Confirm the intended use case is clearly documented. 2 - Check that the business objective aligns with the model’s stated purpose. 3 - Ensure stakeholders can understand the card (plain language, no jargon). ~ Model Data & Development ~ 4 - Review how datasets are sourced, documented, and compliant. 5 - Assess bias testing and fairness methods (easier said than done!). 6 - Confirm that validation data is independent from training. ~ Model Training & Testing ~ 7 - Validate that performance metrics are fairly presented. 8 - Review stress testing for edge cases and robustness. 9 - Ensure limitations and assumptions are openly disclosed. ~ Model Risk & Compliance ~ 10 - Confirm operational, ethical, and regulatory risks are listed. 11 - Check alignment with laws and standards. 12 - Ensure misuse scenarios are anticipated and mitigated. ~ Model Governance & Deployment ~ 13 - Verify that the model card names clear accountable owners. 14 - Review version control for every model iteration. 15 - Assess change governance before deployment updates. ~ Model Controls & Safeguards ~ 16 - Confirm there are fallback procedures if the model fails. 17 - Review audit trail evidence for external (non management) review. 18 - Check coverage of third-party models interacting with the reviewed model. ~ Model Monitoring & Continuous Assurance ~ 19 - Confirm the card references ongoing monitoring of performance and risks. 20 - Assure that Internal Audit has visibility into the entire lifecycle for repeat reviews. ** AI may often feel complex (primarily because it is), but trust is simple: document, disclose, and independently assure. The first globally recognised AI Model Auditor is going to reshape the entire profession. Who will it be?

🤖On 10 July 2025, the European Commission officially published the long-anticipated General-Purpose #AI Code of Practice—a non-binding yet influential document that aims to guide providers of general-purpose AI (GPAI) models in demonstrating compliance with the AI Act. Developed over the course of ten months by independent experts and informed by over 1,000 stakeholders, the Code provides a structured pathway to legal alignment in three critical areas: safety and security, copyright, and transparency. It arrives just weeks before the first legal obligations on GPAI models under the AI Act come into effect in August 2025. Although voluntary, adherence to the Code may offer providers a “clear, collaborative route to compliance,” as the Commission puts it, along with reduced administrative burden and potentially lower fines in case of enforcement proceedings. Yet its publication has not been without controversy. Some EU lawmakers claim that last-minute revisions weakened provisions on public transparency and systemic risk oversight. Industry associations have also voiced concern that the Code is too prescriptive in parts, particularly regarding copyright. Despite this, the Commission stands firm: the rules will apply on time, and this Code is the key instrument for operational readiness. The transparency chapter of the Code is particularly relevant for privacy professionals, as it details how providers can meet the documentation and disclosure obligations set out in Article 53(1)(a) and (b) AI Act and related Annexes XI and XII. These obligations apply broadly to all GPAI model providers unless an open-source exemption applies. The core requirement is the creation and maintenance of a Model Documentation Form that includes technical and operational information about the model—such as its intended purpose, limitations, capabilities, and safety measures. The documentation must be updated over the model lifecycle, and previous versions must be retained for at least ten years. Providers must also publish contact information for requesting access to the documentation and respond within specific timeframes to legally grounded requests from the AI Office or national authorities. Information-sharing obligations also extend to downstream providers—typically developers of AI systems using the GPAI model—who rely on this information to meet their own compliance duties. The Code contains safeguards for confidentiality, requiring that authorities and downstream providers protect trade secrets, intellectual property, and sensitive business information. Providers are further encouraged to publish parts of the documentation voluntarily to promote public transparency and trust in AI technologies. Importantly, while the Code doesn’t create a presumption of compliance, it does carry legal weight: under Article 101 AI Act, the AI Office may consider adherence to the Code when determining sanctions. #aiact #privacy #law

Mastering Process P&ID Training: A Key Skill for Engineers 🛠️📊 Understanding Piping and Instrumentation Diagrams (P&IDs) is essential for engineers in the process industry. Here’s a quick overview of what Process P&ID Training entails and why it’s crucial for your projects: 🔹What is a P&ID? A P&ID is a detailed diagram that represents the process flow, including equipment, piping, instrumentation, and control systems. It’s the backbone of designing, constructing, and operating industrial facilities. 🔹Key Components of P&ID Training: 1️⃣Equipment Representation: Learn how to accurately depict equipment like pumps, compressors, heat exchangers, and vessels.   2️⃣Piping & Instrumentation: Understand how to show piping, valves, and instrumentation connections, including control loops and safety systems.   3️⃣Symbols & Standards: Familiarize yourself with industry-standard symbols and formats (ISA S5.1, PIP PIC001).   4️⃣Review & Validation: Master the process of reviewing P&IDs for accuracy, consistency, and compliance with safety standards. 🔹Why is P&ID Training Important? - Ensures clear communication between engineering disciplines.   - Helps identify potential risks and safety hazards early in the design phase.   - Facilitates efficient project execution and reduces costly errors during construction and operation. 🔹Best Practices for P&ID Development:  - Start with a clear process flow diagram (PFD).   - Use standardized symbols and formats.   - Conduct thorough reviews with cross-disciplinary teams.   - Implement a robust change management process to track revisions. By mastering P&ID development and review, you can enhance your project’s efficiency, safety, and overall success. #ProcessEngineering #P&ID #EngineeringDesign #ProcessSafety #IndustrialEngineering #ProjectManagement #EngineeringExcellence #LinkedInLearning

P & ID Handbook Understanding P&ID (Piping and Instrumentation Diagram): A Process Engineer’s Guide 🔍 What is a P&ID? A Piping and Instrumentation Diagram (P&ID) is a critical tool for visualizing the interconnection of process equipment and instrumentation in a plant. It serves as a blueprint for process control and operations. 🔧 Who Uses P&IDs and When? Engineers during the design and commissioning phases. Operators and maintenance teams for troubleshooting and optimization. Inspectors for ensuring compliance with standards. ⚙️ Why Do P&IDs Look Complex? The detail-oriented nature of P&IDs reflects their purpose: to capture every aspect of a process in a standardized format. 📜 Key Components of a P&ID: Symbols: Represent equipment, valves, and instruments. Connecting Lines: Show process flow and interconnections. Line Schedules: Indicate pipe specifications. Legend Sheet: A must-have for interpreting the drawing. 🚀 Mastering Symbols and Equipment: Vessels: Defined by size, shape, and associated equipment. Heat Exchangers: Material flow tracing is critical. Pumps & Compressors: Centrifugal, rotary, vacuum, and their flow paths. Valves: Identification, control, and fail positions. 🎛️ Understanding Control Loops: Control loops are the heart of process control, ensuring process variables remain within desired ranges. From measuring instruments to final control elements like valves, a P&ID shows their interaction clearly. 🔑 Mastering Interlocks and Automation: Interlocks enhance safety and prevent operational errors. A clear understanding of these systems is vital for process optimization. 🛠️ Final Thoughts: A P&ID is more than a technical drawing; it’s a comprehensive guide to a process. Mastering it empowers engineers to ensure safety, efficiency, and reliability in operations. #PipingAndInstrumentationDiagram #ProcessEngineering #ControlSystems #PlantDesign #EngineeringExcellence

"Oh, Sarah used to handle that before she left. But she didn’t write it down." Jen screams into the void Here's what just happened. Sarah took your entire AML program with her when she walked out that door. All that institutional knowledge? Gone. That clever workaround for the system glitch? Vanished. The reason why you check that specific data point? Nobody knows anymore. I get it. Documentation is dull. But here's the thing. It’s your insurance policy against chaos. Think about it: Regulator looking for evidence of compliance? Documentation. Audit wants proof you follow your own processes? Documentation. New team member needs training yesterday? Documentation. CEO randomly asks "How does this actually work?" Documentation. When someone's asking why you cleared that wire to Sketchy Island Holdings LLC, you can’t talk about your gut feeling, you need to point them to the process you followed. So write it down (like, actually written, not "oh Sarah knows that"): ✅ Step by step breakdown of every key process in gory detail, so anyone could, in a pinch, perform that function ✅ Identification and details of all workarounds whether they are system related or manual in nature and what the workaround is compensating for. ✅ How processes (and which ones) are connected and/or interdependent ✅ Decision making authority and escalations I've watched organizations scramble trying to recreate what Sarah knew. Trying to reverse-engineer processes from paper breadcrumbs, email, slack and prayer. Meanwhile, the work isn’t getting done or is being done...poorly. Write. It. Down.