AI Governance in 10 Questions

Question 1 of 10

Does your organization have a written AI acceptable use policy that employees have signed?

Question 2 of 10

Do you know which AI tools your employees are currently using — and what data they're putting into them?

Question 3 of 10

Has your organization classified which data categories (client, financial, HR, health) are permitted in AI tools — and which are not?

Question 4 of 10

Do your vendor contracts and NDAs specifically address AI usage, data handling, and confidentiality?

Question 5 of 10

Is there a designated person in your organization responsible for AI governance decisions?

Question 6 of 10

Have your employees received training on approved AI tools, prohibited uses, and data handling protocols?

Question 7 of 10

Do you have a process for reviewing and approving new AI tools before employees start using them?

Question 8 of 10

Can you identify whether AI-generated content is being used in client deliverables, proposals, or external communications?

Question 9 of 10

Has your organization assessed its regulatory exposure related to AI usage (e.g., HIPAA, SEC, state privacy laws)?

Question 10 of 10

Do you have an incident response plan that covers AI-related data breaches or misuse?