A focused review where the main concern is exposure: policy gaps, shadow use, data handling risk,
and loss of control.
Method: where useful, the review is informed by recognised governance and ethics reference points including the
NIST AI Risk Management Framework, the GOV.UK Data and AI Ethics Framework, the UK’s cross-sector AI regulatory
principles, ICO guidance, and standards or principles such as ISO/IEC 42001, ISO/IEC 23894, and the OECD AI
Principles.
This is an advisory review informed by these reference points, not a formal standards assessment, legal opinion,
compliance certification, or regulatory sign-off.
Price guide: from £1,250 ex VAT (scoped quote after pre-work)
7-10 working days
30-60 mins stakeholder time
1-2 short stakeholder sessions
Who it is for
AI is already happening and control feels unclear
IG or governance concerns need rapid clarity
Teams needing defensible options for leadership decisions
Not the right fit if
You are at very early stage with no confirmed AI activity
You need a full strategic readiness roadmap across many areas
You are looking for certification or formal compliance sign-off
Problems this solves
Before
Policy exists but day-to-day behaviour drifts
Shadow AI and third-party usage are hard to see
Leaders cannot judge whether controls are proportionate
After
Reality check of behaviour vs policy
Risk posture and immediate control gaps made explicit
Minimum / sensible / stronger options with trade-offs
What is included
Focused document and context review
Reality check: behaviour versus written policy
Immediate gap view and short-term risk priorities
Defensible control options: minimum, sensible, stronger
Process and timeline
Step 1: Pre-work and relevant policy/process docs collected.
Step 2: One to two short stakeholder sessions focused on real behaviour.
Step 3: Gap analysis and risk posture drafted.
Step 4: Defensible options delivered for decision.
Typical turnaround: 7-10 working days from completed pre-work.
Your time required: 30-60 mins stakeholder time plus questionnaire and relevant policy/process docs.
Service-specific FAQ
Do you assess actual behaviour or just policy documents?
Both. The review checks behaviour versus policy so leadership can see where practical use sits outside agreed controls.
What do minimum / sensible / stronger options mean?
They are tiered control sets so you can choose a governance level matched to risk appetite, urgency, and available capacity.
Can you work with our existing governance instead of replacing it?
Yes. This service is designed to tighten existing arrangements, not force a full reset.
How quickly can we start if concerns are urgent?
Because scope is focused, delivery is usually 7-10 working days from completed pre-work and document access.
What outputs can we use with leadership or compliance teams?
You receive a clear risk posture summary, immediate gap view, and defensible options to support leadership and compliance discussions.