The Exposure Map
Nine questions around where your organisation is exposed to AI risk right now. There are no right answers here [including blank answers!]
Setup · who is charting
Do you know which AI tools your people actually use, day to day?
Are staff mostly on governed accounts, or free tools?
Do you classify data before it goes into an AI tool?
Do you know where data exits, once it enters an AI tool?
Does every AI tool and data flow have a named owner?
How many of the five policy pillars are documented? (approved tools, data handling, disclosure, verification, prohibited uses)
Do your live AI pilots have defined success metrics?
Is there a single named person accountable for AI in your organisation?
Do you know your sector regulator's position on AI, and your EU AI Act exposure?
9 still in the dark