# Sample answer patterns (anonymized)

## Strong patterns

- Names **specific** Health Canada vs. FDA pathway assumptions and defers final class to RA with a list of open questions.
- Maps each mock requirement to a **design input ID** and a **verification** method (test, inspection, analysis).
- Addresses **stale vitals** with UX, logging, and risk control traceability—not only “better ML.”
- Describes **Canada data residency** with region names, failover policy, and subprocessors.
- Includes **PCCP bounds** for quarterly retraining: data acceptance criteria, regression suite, and rollback.
- **TCO** cites instance sizes, egress, and monitoring with an order-of-magnitude check against $12/patient.

## Weak patterns

- “We will use HIPAA-compliant hosting” for an Alberta pilot without **HIA / custodian** discussion.
- “The AI is just a recommendation” with no **human factors** or override metrics.
- “We will encrypt data” with no **key custody**, backup encryption, or access roles.
- Risk register lists only cybersecurity or only algorithm accuracy—**not both** with usability.
- Ignores **SBOM / CVE** procurement constraint or treats it as “devops later.”