Your team already uses AI — with or without permission. The acceptable-use policy, 25-point vendor screen, incident runbook, and a formula-live 30-day rollout tracker.
The three-tier rule your staff can actually remember: GREEN go, AMBER ask, RED never — with the tier assignments already drafted for common tools and data classes.
A 25-point AI vendor evaluation and a scripted first-60-minutes incident response for when something goes wrong with an AI tool or output.
A formula-live plan that sequences the rollout — including the shadow-AI amnesty step: discovery before discipline, so you learn what's really in use.
IT and security leads whose company already uses AI — with or without permission — and who need governance running in 30 days, not a committee that meets quarterly.
No — it's an operational starting kit. Have counsel review the policy before adoption; the documents are structured to make that review fast.
Yes. The tiers and tracker scale down cleanly — a 20-person company can run the whole rollout with one owner.
Word or any .docx editor for the policies, Excel or LibreOffice for the tracker.