AI Governance

The AI Policy Toolkit

Build a tailored, sample AI policy draft in minutes, shaped by your organization, AI risk posture, and how your team actually works.

Build my toolkit
See what's in the toolkit

AI Policy Toolkit

Step of

3 mins to go

What industry or sector is your organization in?

Your industry helps shape the policy considerations, data guidance, and rollout recommendations in your toolkit.

Where does your organization primarily operate?

Different privacy frameworks apply based on where your organization operates and the jurisdiction of your employees or customers.

How many employees does your organization have?

Your organization's size affects how formal the governance structure needs to be — and how the policy is written.

What types of data does your organization regularly handle?

Select all that apply.

Your current AI usage determines the optimal structure for your policy. This determines what data can and cannot go into AI tools.

How do you currently approach AI in your organization?

How your policy is framed depends heavily on where you're starting from. An organization with widespread informal AI use needs a different approach — including a transition period — than one starting from scratch.

What are your employees primarily using AI for?

Select all that apply.

The best AI policies are written for how your team actually works — not for a generic company. Your answers determine which use cases are specifically addressed in your policy.

How do you currently manage new software and tool approvals?

Your existing procurement process determines how your AI tool approval workflow should be structured — we'll build a process that fits your current operating model.

We recommend a balanced AI risk posture for your organisation

You can adjust below if you feel another posture is better suited.

70% know AI is a risk. Only 49% know the rules.

The AI Security Center

Governance is step two

AI Insights. AI Governance. AI Vetting. One path to safer adoption.
01

AI Insights

See where AI is already flowing.

Download AI reports
02

AI Policy Toolkit

Set rules people can use.

03

AI Risk Check

Vet tools before they enter the workflow.

Coming soon
How it works

From blank page to policy starting point.

  • Answer 8 Questions

    Tell us about your organization, AI usage, data types, and approval process.

  • Preview Your AI Toolkit

    See a tailored sample policy draft based on your answers.

  • Get your AI toolkit

    Enter your work email to receive your full AI Policy Toolkit.

What’s inside the toolkit

A sample policy, checklist, and rollout guide your team can review, adapt and use.

AI Policy (Sample)

A structured policy starting point tailored to your organization, data profile, and AI usage.
Sample AI policy document

Workforce Adoption Guide

Plain-English guidance to help employees understand what’s allowed, what needs review, and what should be avoided.
Workforce adoption guide document

Implementation Checklist

A review guide to help your team pressure-test the policy before rollout.
Implementation checklist document

45% of employees bypass controls. Exactly where policy needs to guide them.

More AI resources

What most teams get wrong about AI

Report
The State of AI Data Leaks: 2025

The State of AI Data Leaks: 2025

Over 40% of critical vendors use AI for processing personal data. Public privacy disclosures show how companies are using AI, which vendors they're using, and where there are global concentration risks.

Download report
Blog
MCP: The AI Protocol Quietly Expanding Your Attack Surface

MCP: The AI Protocol Quietly Expanding Your Attack Surface

MCP is one more external threat surface — alongside dark web exposure, credential leaks, and brand impersonation — where breaches start.

Learn more
Blog
Emerging Risks: Typosquatting in the MCP Ecosystem

Emerging Risks: Typosquatting in the MCP Ecosystem

Trusted AI connections can become attack paths when spoofed servers and lookalike names enter the workflow.

Learn more

Put your policy into practice

Turn policy into action