Would a "standard", for sake of argument, for Collins project, tell you need to keep up with the recent?

(safety) literature, that you need access to risk websites and logs, that there needs to be a chain of custody for the algorithms, that there needs to be an audit trail of all changes to operational software ?