🟢AI Policy Readiness Checklist 🟢

(For public sector, health and education)

Score your gaps in 10 minutes. Red flags mean audit risk.

# Question Check Now Yes/No

ISO 42001 Compliance & EU AI Act
  1. Do you have a written AI policy or AI‑use guidelines?

    YES ☐ NO ☐

  2. Does the policy define high‑risk vs. low‑risk AI uses?

    YES ☐ NO ☐

  3. Are there clear rules for what AI can and cannot be used for?

    YES ☐ NO ☐

  4. Do you have an AI lead or governance group defined?

    YES ☐ NO ☐

  5. Is there a risk‑tiering process for new AI tools?

    YES ☐ NO ☐

  6. Do you maintain an AI inventory or algorithmic‑transparency register?

    YES ☐ NO ☐

  7. Is there mandatory staff training on AI policy?

    YES ☐ NO ☐

  8. Are there incident‑reporting routes for AI‑related issues?

    YES ☐ NO ☐

  9. Do you conduct regular AI‑risk assessments or DPIAs?

    YES ☐ NO ☐

  10. Is AI use aligned with data protection, equality, and security policies?

    YES ☐ NO ☐

  11. Do you have vendor‑due‑diligence processes for AI suppliers?

    YES ☐ NO ☐

  12. Is the AI policy reviewed annually or after significant changes?

    YES ☐ NO ☐

SCORE: ___/12

10-12 🟢 Strong – Annual review recommended
7-9 🟡 Watch – Fix yellow gaps in 30 days
<7 🔴 DANGER – Audit risk imminent