Governance pack

Downloadable templates for fast approval.

Use these templates to standardize approvals, vendor due diligence, and prompt safety rules.

AI Use Policy (Executive)

Purpose: Define approved AI usage and prohibited data categories.

Allowed:
- Green-zone use cases with no sensitive data
- Approved prompt templates

Controlled:
- Private-tenant AI with logging, redaction, and retention

Prohibited:
- Client or regulated data in public AI services

Ownership:
- Risk and compliance approve use cases
- Engineering enforces technical controls

Prompt Safety Rules

1) No client identifiers or regulated PII in prompts.
2) No secrets, tokens, or credentials in AI tools.
3) Use approved prompt templates only.
4) Log prompt and output for audit.
5) Human review required before release.

Vendor Risk Questionnaire

- Data retention policy and deletion guarantees
- Model training usage of customer data
- Audit logging availability
- Tenant isolation and encryption
- Incident response timelines

Acceptable Use Matrix

Green: Public data + public AI
Amber: Internal/confidential + private tenant
Red: Client/regulated data + only controlled architecture