Service 02

AI Governance & Guardrails Review

A focused review where the main concern is exposure: policy gaps, shadow use, data handling risk, and loss of control.

Method: built on NIST AI RMF, interpreted for UK regulated environments using the UK’s cross-sector AI regulatory principles and ICO guidance, with reference to the NIST Generative AI Profile where relevant. It is informed by ISO/IEC 42001, ISO/IEC 23894, and OECD trustworthy AI principles, and takes account of emerging regulatory regimes such as the EU AI Act where relevant.

Price guide: from £1,250 ex VAT (scoped quote after pre-work)

  • 7-10 working days
  • 30-60 mins stakeholder time
  • 1-2 short stakeholder sessions

Who it is for

  • AI is already happening and control feels unclear
  • IG or governance concerns need rapid clarity
  • Teams needing defensible options for leadership decisions

Not the right fit if

  • You are at a very early stage with no confirmed AI activity
  • You need a full strategic readiness roadmap across many areas
  • You are looking for certification or formal compliance sign-off

Problems this solves

Before

  • Policy exists but day-to-day behaviour drifts
  • Shadow AI and third-party usage are hard to see
  • Leaders cannot judge whether controls are proportionate

After

  • Reality check of behaviour vs policy
  • Risk posture and immediate control gaps made explicit
  • Minimum / sensible / stronger options with trade-offs

What is included

  • Focused document and context review
  • Reality check: behaviour versus written policy
  • Immediate gap view and short-term risk priorities
  • Defensible control options: minimum, sensible, stronger

Process and timeline

  1. Pre-work and relevant policy/process docs collected.
  2. One to two short stakeholder sessions focused on real behaviour.
  3. Gap analysis and risk posture drafted.
  4. Defensible options delivered for decision.

Typical turnaround: 7-10 working days from completed pre-work.

Your time required: 30-60 mins stakeholder time plus questionnaire and relevant policy/process docs.

Service-specific FAQ

Do you assess actual behaviour or just policy documents?
Both. The review checks behaviour versus policy so leadership can see where practical use sits outside agreed controls.

What do minimum / sensible / stronger options mean?
They are tiered control sets so you can choose a governance level matched to risk appetite, urgency, and available capacity.

Can you work with our existing governance instead of replacing it?
Yes. This service is designed to tighten existing arrangements, not force a full reset.

How quickly can we start if concerns are urgent?
Because scope is focused, delivery is usually 7-10 working days from completed pre-work and document access.

What outputs can we use with leadership or compliance teams?
You receive a clear risk posture summary, immediate gap view, and defensible options to support leadership and compliance discussions.

Also consider: AI Readiness Review or Full AI Readiness Assessment Report.
