# Secure AI Use Starter Kit

Your AI policy, rollout plan, and comms—ready to ship Monday.

---

## Your First Week

| Day | Action | Owner | Time |
|-----|--------|-------|------|
| **Monday** | Read the Acceptable Use Policy. Get CEO/legal sign-off. | Security lead | 1 hour |
| **Tuesday** | Announce policy to all-hands. Send Email #1. Share Risk Framework with team leads. | Security lead + comms | 30 min |
| **Wednesday** | Hold manager training session (use the Playbook Week 1 guidance). | Security lead | 1 hour |
| **Thursday** | Start posting Slack/Teams messages (see message pack). | Comms + IT | 10 min |
| **Friday** | Collect early questions. Publish FAQ in policy doc. | Security lead | 1 hour |

---

## What You're Shipping

| File | Use It For | Who Reads It |
|------|-----------|--------------|
| **01-AI-Acceptable-Use-Policy** | The headline deliverable. Print it, hand it out, cite it. | Everyone |
| **02-30-Day-Rollout-Playbook** | Your week-by-week game plan. Run it like a campaign. | Security lead + managers |
| **03-AI-Risk-Framework** | Classify AI use in 4 tiers. Use this to make approval decisions. | Security lead + team leads |
| **04-Manager-Rollout-Emails** | Send these 3 emails. Customize the dates and tool names. | Managers (to their teams) |
| **05-Slack-Teams-Pack** | 15 ready-to-paste messages. Drip them over 30 days. | Comms + IT |
| **06-Exec-Summary-One-Pager** | Show this to the CEO or board. It's the 5-minute version. | Executives |

---

## How to Customize (2 Minutes)

Find and replace these tokens in every file:
- `{{company}}` → Your company name
- `{{approvedAiTool}}` → The primary tool you're endorsing (e.g., "Claude API" or "ChatGPT Pro")

That's it. Everything else flows from those two choices.

---

## Success Metrics (30 Days)

- **Week 1:** 100% of managers trained
- **Week 2:** All teams know the 4-tier framework
- **Week 3:** Enforcement begins; track how many exceptions you grant (should be <5)
- **Week 4:** Measure: "How many teams are using approved tools?" Goal: 80%+

---

## FAQ

**Q: Do I have to agree with the defaults?**
A: No. Each policy statement has a "How to customize" note explaining the reasoning. Change what doesn't fit your org. Just document why.

**Q: What if someone violates the policy?**
A: See the Acceptable Use Policy → Enforcement section. First offense is retrain + audit. Second is escalation.

**Q: Can we add more approved tools?**
A: Yes. Follow the vendor evaluation process in the Risk Framework. Security + legal sign-off required.

**Q: This is too strict / too loose.**
A: The defaults are opinionated for the 50–500 person company. Adjust tier assignments, not the framework.

---

## Next Steps

1. **Customize the tokens** (`{{company}}`, `{{approvedAiTool}}`)
2. **Get executive sign-off** on the policy
3. **Load this into your change management system** (if you have one)
4. **Run Week 1 of the Playbook on Monday**

Questions? See the "How to customize" section at the end of each file.

Good luck. You've got this. 🚀
