Lesson status
Not completed
Mark lesson complete
Not completed
Saved only in your browser. Return to the course index to see overall progress.
Capstone • Board-ready
Capstone: AI Governance Mini-Policy
Draft a short policy your board or leadership team can review and adopt.
1–2 pages
Clear boundaries
Accountability
Deliverable sections
- Purpose & scope: what this policy covers.
- Approved uses: 1–3 allowed use cases.
- Prohibited uses: 3–7 “we will not…” boundaries.
- Data boundaries: do-not-paste list + redaction rules.
- Risk review: when a risk assessment is required.
- Roles: owner/reviewer/approver + incident lead.
- Transparency: what you disclose and how people opt out.
- Review cadence: how often this policy is reviewed.
Mini-policy starter text (copy/paste)
Policy: AI Governance & Responsible Use Purpose: We use AI to support our mission while protecting privacy, equity, and trust. We do not use AI for surveillance, risk scoring, or automated decisions about individuals. Approved uses (examples): - Drafting and editing public communications (human review required) - Grant writing support using non-sensitive, verified information - Summarizing internal policy documents (no sensitive client data) Prohibited uses: - Automated eligibility decisions or ranking people - Monitoring, profiling, or predicting individual behavior - Uploading sensitive personal data into AI tools Oversight: Each AI use case must have an Owner, Reviewer, and Approver. Incidents follow our response checklist. Review cadence: Quarterly, or after any significant incident/tool change.