Campaign 04: AI activity governance

Written by Brian Botchway

Pillar: Data risk

Outcome: Every AI user has acknowledged the policy—and the log starts now.

AI is entering your stack faster than anything else. Today that often means unknown tools, no policy sign-off, and no audit trail. This campaign gets ahead of it with a record:

  • Policy → acknowledged

  • Unsanctioned AI → alternative

  • Usage → documented

Is this the right campaign for you?

Where you are today

Any stage—even teams that haven't run a nudge campaign yet see fast value here.

Best for teams that

Are under leadership pressure about AI, or operate in regulated or sensitive environments.

Time commitment

About 3 weeks.

Prerequisites

An AI acceptable use policy that exists, is approved, and has a stable URL.

The nudges you'll use

Template | What it does
Request generative AI policy review | The anchor—captures policy acknowledgment and creates the audit trail.
Provide alternative app option | Steers users from unsanctioned AI to your approved assistant.
Request clarification of use | Captures rationale for users who stay on unsanctioned AI tools.

Your three-week sequence

When | Nudge | What to do
Week 1 | Request AI policy review | Send to every user who has an AI account. Link directly to your acceptable use policy, or use our boilerplate template.
Week 2 | Provide alternative app | Point users on unsanctioned AI at your approved assistant.
Week 3 | Request clarification | Pull the policy-acknowledgment report. Capture legitimate-use documentation from anyone still on unsanctioned AI.

Run it as a standing rule—every newly discovered AI user gets the policy ask automatically.

What your users see

The policy nudge asks for a single, clear action—review the policy, accept—with the policy linked right in the nudge:

Each acceptance is logged—audit-ready evidence for SOC 2, EU AI Act, and NIST AI RMF references. And note the tone: no naming and shaming. Don't ban tools by name—steer users to approved ones in a separate, friendly follow-up.

How you'll measure success

Target | Metric
≥70% | AI policy acknowledgment within 21 days
≥30% | Migration to approved AI from unsanctioned tools
100% | AI inventory documented for identified users
<5% | Repeat unsanctioned signups within 30 days

Watch-outs

  • Make sure your AI policy actually exists and is approved before you nudge.

  • Don't ban tools by name in the copy. Frame it as "use these approved tools instead."

  • Need HR or Legal sign-off first? Run the brief through them—contact support or your account team for a template.

Reporting your results up

Talking points to adapt for your next leadership update or QBR (example numbers shown):

  • "AI inventory grew from 12 to 38 apps and is fully documented for the first time."

  • "240 users acknowledged the AI policy—audit trail captured for SOC 2 and the EU AI Act."

  • "Migrated 60 users to the approved AI assistant; sanctioned AI is now the dominant pattern."

What's next

No policy to point to yet? Support or your account team can share a sample AI acceptable use policy, plus a board-ready slide template that turns these metrics into a one-page narrative.
