Do we need this if we're not yet using AI internally?

Yes - especially if you're about to. The Policy Pack lands the rules, classification scheme and approval gates *before* AI use scales. Trying to retrofit governance after AI is widespread is what creates the procurement scramble we see most often.

What's R/A/G data classification, and where does it apply?

Three tiers: Red (no AI - personal data, security-sensitive, regulated), Amber (gated AI use with source-backed review), Green (approved AI use). Classification runs at the upload boundary across every BuiltAI workflow. Rules are published in the Policy Pack for your team to apply.

Will procurement teams accept the AI Schedule?

It's designed for procurement-questionnaire compatibility - covers IP terms, sub-processing, liability cap, training-data exclusion, audit rights and disclosure language. Most procurement teams accept it without negotiation; the rare changes are usually liability cap or disclosure wording.

Pack 08 · AI Governance Policy Pack

Make AI usage procurement-safe, auditable and controlled.

Adopt AI without losing control.

Book a Readiness Call Take the Readiness Scorecard

app.built-ai.io / packs / ai-governance-policy-pack

AI Governance Policy Pack

Workflow
Templates
Evidence
Approvals
Audit log

08 · liveDrafting

Adopt AI safely

Acceptable use policy (AUP)drafting
R/A/G data classification rulesdrafting
Human approval gatesdrafting
Audit trail + immutable logsdrafting
DPIA templatedrafting

30-second walk-through

Watch AI Governance Policy Pack run on a real engagement.

Recorded inside the BuiltAI app against a redacted client dataset. Same QA gates, same evidence pattern, same approval rhythm you'll get on day one.

Walk-through landing soon

We're recording the AI Governance Policy Packwalk-through against a redacted pilot dataset. Drop us a note if you'd like an early preview.

What gets installed

Productised workflow components

Each item below is delivered as a templated, governed workflow piece - not a bespoke build. Same QA gates apply regardless of which pack you start with.

Acceptable use policy (AUP)

R/A/G data classification rules

Human approval gates

Audit trail + immutable logs

DPIA template

Procurement disclosure schedule

What we need from you

To run a useful audit and deploy this pack

We don't need everything up-front - but the more of the below we can see early, the sharper the diagnostic and the faster the workflow lands.

Current AI / IT acceptable-use policy if any
List of AI services in use (sanctioned or otherwise)
Procurement / supplier code requirements you need to meet
One nominated governance sponsor (often legal / compliance)
Sample contract schedule template you'd want AI clauses inserted into

The pattern

What this pack solves and how it lands

Problem

Teams often know the issue exists, but lack a repeatable workflow, ownership model and reporting structure to control it.

Commercial impact

Unclear ownership and inconsistent evidence create rework, delay, margin pressure and governance risk.

Success criteria

Clear owners, consistent templates, visible status, QA checks and a repeatable reporting rhythm.

Governance controls

Evidence index, assumptions register, QA gates, client approval and professional boundary wording where required.

Outcomes

What "done" tends to look like

Every figure below carries a disclosure label per BuiltAI's governance approach. Actual findings depend on contract value, data quality and commercial-process maturity.

Target outcome

100%

Of AI invocations classified + logged

100%

Target outcome

Red-classified data reaching any AI service

100%

Typical

Procurement-ready disclosure schedule per client

82%

Sits alongside

BuiltAI runs alongside the systems your team already uses - it does not replace them. This pack is built to fit:

Microsoft 365 Copilot
Google Workspace
Internal RAG / custom AI
Procurement questionnaire workflows

A BuiltAI output, in five seconds

What this pack actually returns.

Every BuiltAI output is scoped to a pack and traced to a source. That's what makes it a governed output, not just an LLM call.

Internal AI use request

Site team asks: can we use a public LLM to summarise this 90-page method statement before tomorrow's site meeting? Document is marked 'commercial in confidence.'

BuiltAI output

Decline (per AI Use Policy §3.2 - confidential docs not permitted on public endpoints). Approved path: route via BuiltAI summarisation workflow, which keeps document inside tenant boundary. Estimated turnaround 6 minutes. Audit row written: requester, doc class, decision, alternative offered.

Governed by: AI Governance Policy Pack v1 - acceptable-use gates

Cited from: BuiltAI AI Use Policy §3.2 + data classification matrix

Illustrative output - editorial example, not live AI. Every BuiltAI deliverable carries the same governance + citation pair.

When procurement asked us how we were governing AI, we sent them the policy pack and the audit log structure on the same day. Conversation went from twelve weeks to two.

Group Head of Risk, contracting businessIllustrative

Common questions

Buyer FAQs about AI Governance Policy Pack

Do we need this if we're not yet using AI internally?
Yes - especially if you're about to. The Policy Pack lands the rules, classification scheme and approval gates *before* AI use scales. Trying to retrofit governance after AI is widespread is what creates the procurement scramble we see most often.
What's R/A/G data classification, and where does it apply?
Three tiers: Red (no AI - personal data, security-sensitive, regulated), Amber (gated AI use with source-backed review), Green (approved AI use). Classification runs at the upload boundary across every BuiltAI workflow. Rules are published in the Policy Pack for your team to apply.
Will procurement teams accept the AI Schedule?
It's designed for procurement-questionnaire compatibility - covers IP terms, sub-processing, liability cap, training-data exclusion, audit rights and disclosure language. Most procurement teams accept it without negotiation; the rare changes are usually liability cap or disclosure wording.

How it works

Where this pack sits in the engagement model

Step 1 - Discovery

Operational Intelligence Audit™ - fixed-scope, four-week engagement with QA2 sign-off.

Step 2 - Deploy

Controlled workflow deployment - AI-assisted, QA-gated, client-approved before issue.

Step 3 - Embed

Ongoing governance rhythm - monthly board reports, RAG reviews, continuous improvement.

The foundation underneath every other workflow - usually deployed in Step 2 alongside the first pack.

Adjacent workflows

Pairs well with this pack

AI Governance is the audit trail every other pack references - Bidroom uses it for tender models, RAMS for safety drafting, Commercial Control for variation narratives. Pair them when AI sits anywhere on the critical path.

Illustrative scenarioAI Governance FoundationPre-construction team adopting AI tools without classification, approval gates or disclosure language in client outputs.Read the scenario

Bidroom-in-a-Box

Turn tenders into controlled workflows

Read pack

RAMS Factory

Standardise safety documentation

Read pack

Commercial Control Kit

Protect margin before it leaks

Read pack

Long-form on this topic

Read deeper into ai governance.

Frameworks and checklists from the audit playbook - same discipline that the AI Governance Policy Pack workflow installs.

Browse the ai governance category

Engagement modes

AI Governance Policy Pack sits inside one of three engagement modes.

Indicative ranges - confirmed in the SOW after the discovery call. Full pricing breakdown.

Discovery audit
From a four-figure fixed fee
2 weeks · audit-only
Most common
Pilot pack
From low five figures
6–10 weeks · AI Governance Policy Pack
Governance retainer
From a four-figure monthly fee
Rolling · 3-month minimum

Ready to scope this pack against your real data?

Book a readiness call. We'll confirm whether this pack, an audit, or a different starting point fits your operation.

Request Governance Review See all workflow packs