Internal AI use policies and governance templates — written to be enforced, not filed in a drawer.
Policy Drafting is the engagement that produces the internal documents governing how your organization develops, deploys, and uses AI. Acceptable-use policies, model-approval workflows, incident-response playbooks, vendor-AI assessment frameworks. Written by practitioners who understand both the technical reality and the operational politics of policies that actually get followed.
Most AI use policies are written either by lawyers (who produce documents nobody on the engineering team can apply) or by HR (who produce policies that don't survive contact with the actual technical reality). The result is policies that exist on paper but don't actually govern behavior — which is the worst case for compliance and the most common case in practice.
Policy Drafting produces documents that operate at both layers. Each policy is technically accurate enough that engineering teams can follow it, plain-spoken enough that non-technical employees can apply it, and structured enough that auditors and regulators recognize it as defensible governance. We write for both audiences because both audiences have to use the policy.
Policy Inventory
We map your current state: what policies exist, what they cover, what's missing, what conflicts. Includes formal policies, informal practices, and team-level documentation.
Duration 2–3 days · Output: policy inventory
Requirements Mapping
Against your regulatory exposure, customer commitments, and operational reality, we identify which policies you need and at what level of formality. Not every team needs every policy.
Duration 2–3 days · Output: policy requirements
Drafting
We draft each policy: structured documents covering scope, definitions, requirements, exceptions, enforcement, and review cadence. Drafts are reviewed with you in working sessions before finalization.
Duration 7–10 days · Output: policy drafts
Stakeholder Review
Drafts are reviewed with relevant stakeholders: engineering for technical accuracy, legal for risk language, HR for employee-facing clarity, compliance for framework alignment. Reviews drive revision cycles.
Duration 5–7 days · Output: revised drafts
Finalization & Implementation
Final policies are produced in your preferred format, with rollout guidance — how to communicate them, how to track acknowledgement, how to integrate them into existing governance processes.
Duration 3–4 days · Output: final policies + rollout plan
AI Acceptable Use Policy
Employee-facing policy governing how staff may use AI tools — public, internal, and third-party. Plain language, with concrete examples and clear escalation paths.
8–15 pages · Markdown + PDF
AI Model & Vendor Approval Policy
Framework for evaluating and approving AI models or AI-embedded vendors before adoption. Includes security, compliance, and risk criteria.
10–20 pages · Markdown + PDF
AI Incident Response Policy
Internal playbook for responding to AI-specific incidents: jailbreaks, data leakage, agent compromise. Aligns with our Incident Response engagement structure.
10–15 pages · Markdown + PDF
AI Development & Deployment Standards
Engineering-facing standards for building and deploying AI systems: security requirements, testing requirements, documentation requirements.
15–25 pages · Markdown + PDF
Rollout & Acknowledgement Plan
How to communicate the policies, train staff, track acknowledgement, and integrate with existing governance.
Rollout plan + templates
Stakeholder Working Sessions
Working sessions with engineering, legal, HR, and compliance teams during drafting to ensure each policy is workable across constituencies.
Multiple sessions during engagement
Your organization is deploying AI but lacks formal governance documentation — internal practice is ad-hoc.
Regulatory pressure (EU AI Act, sector-specific AI requirements) demands documented policies you don't currently have.
Customer due-diligence questionnaires increasingly ask about AI governance and your answers are weaker than they should be.
An incident or near-miss has highlighted the absence of clear policies and you need them in place before the next event.
You need technical security testing — Adversarial Probing or other offensive engagements fit better.
You already have working AI policies that need minor updates — a single working session is more cost-effective than a full engagement.
Your organization is so small that informal practices work fine — policy formalization adds overhead that may exceed its value.
You want template policies without customization — generic templates don't survive enforcement, which defeats the purpose.
Companion engagement — Risk Assessment identifies what policies are needed; Policy Drafting produces them.
Companion engagement — Policy Drafting produces what the org commits to; Evidence Collection documents adherence.
If you've had an AI incident, this engagement turns lessons into policy.
Policy Drafting engagements start from $18,500. Reply within 24h. NDA before scope.