10 applicability questions determine which AI laws apply to you. EU AI Act, GDPR, NIST AI RMF, SEC 2026, HIPAA, NAIC, and five state AI laws - mapped to enforcement

Small businesses need AI governance too - but they don't have compliance teams. Three plain-language rules, a quick decision guide, and an approved tools table. Fill in the tool names,

Network-based DLP controls don't follow employees home. This policy covers the AI risks that multiply when employees work remotely - personal device use, public WiFi, home networks, and the blurred

AI can produce contracts, reports, legal filings, and code in seconds. But who owns it? Who is responsible if it's wrong? When do you have to disclose it? This policy

58% of AI users received no security training. This 30-minute outline covers what employees actually need: how LLMs handle data, what's prohibited, how to recognize prompt injection, and how to

Most AI data incidents aren't malicious - they're employees who didn't know the rules. This guide gives every employee a clear, practical answer with real examples from everyday work tasks.

Standard vendor contracts don't cover AI-specific risks. This addendum provides exact contract language for: prohibiting AI training use of your data, requiring subprocessor disclosure, securing 48-hour breach notification, and ensuring

Every AI security policy is worthless if you don't know which AI tools are actually in use. This register tracks all of them - approved, under review, rejected, retired, and

Shadow AI proliferates when the approval process is too slow. This procurement policy is thorough enough to be credible, fast enough to be viable, and transparent enough that employees use

Before deploying an AI vendor: do they use your data for training? Do they have zero data retention? Who are their subprocessors? This 5-section questionnaire covers every question that matters.