AI Governance Policy for Small Business — A Plain-English Framework

Why this policy now

If your business doesn't have a written AI acceptable-use policy, your employees are using consumer AI tools right now — ChatGPT, Claude.ai, Gemini, Perplexity — for work tasks. They're pasting client emails to get help responding, summarising contracts, drafting policy responses, debugging code. Some of that data may be used to train future models, may sit in chat history accessible to the vendor, and may surface in another user's session under bizarre circumstances. We covered the “shadow AI” phenomenon in Shadow AI: The Security Risk Hiding in Your Employees' Browsers.

A written policy doesn't solve the problem on its own. But it gives you four things you don't otherwise have:

A defensible answer when a client, regulator, insurer, or acquirer asks “what's your AI policy?”
A standard to train against, so employees know what's permitted.
A basis for disciplinary action if someone wilfully ignores it.
A starting point for the tooling decision — once the policy says “consumer ChatGPT is not approved,” the business has to either enforce that or provide a sanctioned alternative.

The seven sections

Scope and purpose

Who the policy applies to (all employees and contractors using business systems), what it covers (use of any AI/LLM tool for business work, whether company-licensed or personal), and why it exists (data confidentiality, regulatory obligations, intellectual property protection).

Approved tools and unapproved tools

A short list of AI tools approved for business use (e.g., Microsoft 365 Copilot, Google Gemini for Business, an enterprise ChatGPT instance) and an explicit prohibition on using consumer or unapproved tools (e.g., free ChatGPT, Claude.ai personal accounts, Gemini personal accounts) for any work involving client data, financial data, or confidential information.

What you can and cannot put into AI tools

Explicit categories of data that may never be entered into any AI tool: client personally identifiable information, financial account details, regulated health information, trade secrets, source code, contracts, credentials, anything marked Confidential. Categories that are permitted: public information, anonymised or aggregated data, prompts that don't require sensitive context.

Output review and accountability

AI output is the user's responsibility. Anything generated by an AI tool and used in business work (emails, documents, code, decisions) must be reviewed and validated by the human user before being relied on. Hallucinations, factual errors, and biased outputs are the user's problem to catch, not the tool's.

Disclosure and citation

When AI-generated content goes to clients, regulators, or in legally significant documents, the policy should require disclosure where appropriate. Different industries have different norms; the policy should state the business's stance.

Incident reporting

If an employee inadvertently shares confidential data with an AI tool, what they should do (immediate report to the named contact, request for chat-history deletion where supported, documented investigation). No punishment for honest mistakes promptly reported.

Review cadence and ownership

Who owns the policy (typically the vCISO or designated security lead), how often it's reviewed (at least annually, plus when significant new tools are adopted), and how employees acknowledge it (signed annually, included in onboarding).

Template language you can adapt

Sample language for the highest-stakes sections — sections 02 and 03 above:

Section 02 — Approved tools

“[COMPANY] approves the following AI tools for business use: Microsoft 365 Copilot (within the [COMPANY] tenant), and any other tool explicitly added to this approved list by the [SECURITY LEAD]. Use of consumer or personal AI tools — including but not limited to free ChatGPT, Claude.ai personal accounts, Gemini personal accounts, and any other generative AI service not contracted by [COMPANY] — is prohibited for any work that involves [COMPANY] data, client information, financial data, or confidential business matters. Personal use of consumer AI tools on personal devices, for non-work purposes, is outside the scope of this policy.”

Section 03 — Data restrictions

“The following data categories must never be entered into any AI tool, approved or otherwise:

Personally identifiable information of clients, employees, or third parties
Financial account numbers, payment-card data, banking credentials
Protected health information (PHI) under HIPAA
Controlled Unclassified Information (CUI) under DFARS/CMMC
Trade secrets, source code, or proprietary business information not already public
Authentication credentials of any kind
Documents marked Confidential, Restricted, or with equivalent sensitivity labels
Anything subject to attorney-client privilege or accountant-client confidentiality

The following categories may be entered into approved AI tools only: publicly available information, fully anonymised or aggregated data, prompts that do not require the inclusion of sensitive context to be answered usefully.”

On legal review

This is a starting framework, not finished legal language. Have your attorney review the policy before adoption, particularly the sections on disciplinary consequences, intellectual property in AI-generated work, and disclosure obligations. State and industry requirements vary.

The 30-day rollout plan

Days 1–5: Draft the policy using the seven-section framework. Involve at minimum the owner, IT lead, and any legal counsel.
Days 5–10: Decide tool standardisation. If you're going to allow approved AI use, pick the enterprise tool now (M365 Copilot, Gemini for Business, ChatGPT Enterprise) and start the procurement process.
Days 10–15: Leadership review and sign-off. Confirm the disciplinary teeth the policy has, the named owner, and the review cadence.
Days 15–20: All-hands rollout. 15-minute session covering what's changing, why, what's permitted, what to do if you've already done something the policy now prohibits.
Days 20–25: Acknowledgement collection. Every employee signs that they've read the policy. New hires sign at onboarding from now on.
Days 25–30: Tooling enforcement. If consumer AI tools are now prohibited, block them at the network or DNS layer where practical, document exceptions, and monitor.
90-day review: Has the policy held up? Are people finding workarounds? Update the approved tools list as the enterprise stack matures.

The pair: policy + sanctioned alternative

A policy that prohibits consumer AI tools without providing a sanctioned alternative is a policy people will route around. If your business genuinely benefits from AI-assisted work, deploy an enterprise tool. Microsoft 365 Copilot is the natural fit for M365 shops — we cover the configuration in M365 Copilot Security for SMBs.

AI policy assessment

We help you draft a defensible AI acceptable-use policy, pick the sanctioned tool, and roll out enforcement. Free 30-minute consultation to scope.

Book the free assessment