How long does an AI implementation take?

Most single workflow implementations take 2-6 weeks from kickoff to production. Full AI transformation programmes run 6-12 weeks.

Do you work with specific AI models?

We are model-agnostic and work with all major providers including Anthropic Claude, OpenAI GPT, Google Gemini, Meta Llama, Mistral, and more.

Can you deploy AI on our own servers?

Yes. Our Local & Private AI service deploys models on your own infrastructure or private cloud.

compliance

How do I create an AI acceptable use policy?

Quick Answer

Create an AI acceptable use policy by defining which AI tools are approved for business use, what data can and cannot be shared with AI systems, how AI outputs should be reviewed before use, and what responsibilities employees have when using AI. The policy should be practical, specific, and regularly updated as AI tools and capabilities evolve. Include clear examples to help staff apply the policy in daily work.

Summary

Key takeaways

Specify which AI tools are approved and which are prohibited
Define clearly what data can and cannot be used with AI tools
Establish review requirements for AI-generated outputs
Include practical examples and update the policy regularly

Essential Policy Components

An effective AI acceptable use policy covers several key areas. Approved tools lists the AI tools and services sanctioned for business use, with any conditions or restrictions. Data classification defines what types of data can be used with each category of AI tool: public data, internal data, confidential data, and personal data each need clear guidelines. Output review establishes when and how AI-generated content must be reviewed before use, with higher scrutiny for customer-facing or decision-making outputs. Prohibited activities explicitly state what is not allowed, such as sharing client data with unapproved AI tools, using AI for decisions requiring professional judgement without human review, or presenting AI-generated work as human-authored without disclosure. Accountability clarifies that employees remain responsible for the quality and accuracy of work products even when AI assists. Reporting provides a mechanism for staff to report concerns or incidents related to AI use.

Creating and Implementing the Policy

Develop the policy with input from technology, legal, compliance, HR, and representative business users. Keep the language clear and jargon-free, with specific examples of what is and is not acceptable. A short, clear policy that people read and follow is more effective than a comprehensive document that nobody consults. Roll out the policy with training that explains the reasoning behind each requirement, not just the rules themselves. Use real-world scenarios relevant to different roles to make the guidance practical. Build compliance into your technology environment where possible, for example by making approved AI tools easily accessible and blocking unapproved ones. Review and update the policy quarterly, as the AI landscape changes rapidly. Seek feedback from staff about where the policy is unclear or impractical, and adjust accordingly.

Frequently asked questions

Banning AI tools is generally counterproductive. Staff will use them anyway through personal devices and accounts, creating shadow AI risks. A better approach is providing approved tools with appropriate safeguards and clear guidelines for their use.

Enforcement combines technical controls, such as approved tool access and data loss prevention, with management oversight and a culture of responsible use. Regular training, clear consequences for violations, and easy reporting of concerns support effective enforcement.

Review quarterly at minimum, and update whenever significant new AI tools are adopted, regulations change, or incidents reveal policy gaps. Communicate updates clearly to all staff and provide refresher training on significant changes.

Shadow AI occurs when staff use unapproved AI tools. Address it by providing easy access to approved alternatives, communicating why approved tools are safer, monitoring for unapproved tool usage through network controls, and creating a process for requesting new tools to be evaluated and approved.

A single core policy should apply organisation-wide, with role-specific appendices for departments with unique requirements. Legal teams may have stricter client data restrictions. Marketing teams may have broader content generation permissions. Keep the core principles consistent while allowing proportionate flexibility.

Have more questions about AI?

Our team can help you navigate the AI landscape. Book a free strategy call.

Book a Strategy Call View Pricing

How do I create an AI acceptable use policy?

Quick Answer

Key takeaways

Essential Policy Components

Creating and Implementing the Policy

Related questions

Frequently asked questions

AI Acceptable Use Template

AI Ethics Policy Guide

AI Governance Services

Have more questions about AI?