If AppZen is deploying a new machine learning model that processes customer invoices, what security controls would you mandate before launch?