Free AI Policy Kit for Small Business

Turn scattered AI use into a written policy, an approved-tools register, an employee discovery survey, an incident checklist, and a 90-day rollout plan.

9 documents Editable Word and Excel files
13 decisions Plain-language policy choices
2 paths Download free or build with Treo

A written AI policy without the blank page

Your team is already using AI through browser extensions, personal accounts, meeting assistants, and features switched on inside tools you already pay for. Most of that use stays invisible until something goes wrong.

This kit gives you the working documents. You make the decisions, record them in the templates, and finish with rules your staff can follow.

Do it yourself

Free download

  • Work through the thirteen decisions at your own pace.
  • Use highlighted placeholders to see what still needs a decision.
  • Most businesses can produce a first usable policy in four to six weeks.

Build it with Treo

$1,450 fixed fee, plus GST

  • Treo runs the discovery survey and prepares the register.
  • One working session turns the decisions into finished documents.
  • Delivery takes about three weeks.

Your IT policy was written for a different problem

A Computer Use Policy governs the systems the business installed and the accounts IT controls. AI enters through none of those doors. Four differences matter before you write a single rule.

Your IT policy

Covers the systems the business installed. Software arrives through IT, accounts get created on purpose, and the policy names what is allowed on company equipment.

An AI policy

Covers the tools nobody installed. AI arrives through personal accounts, browser extensions, and features switched on inside software you already pay for. The first job is finding it.

Your IT policy

Catches violations inside your own systems. An unauthorized program or a blocked site leaves evidence IT can find and act on.

An AI policy

Covers exposure that leaves no trace on your side. Client data pasted into a chatbot creates no log and no file; the only copy sits on a vendor's servers, under the vendor's terms.

Your IT policy

Describes a stable environment. The file server, the VPN, and the shared drives work the same way they did at the last policy review.

An AI policy

Chases a moving target. Vendors change data terms, memory, and connectors between renewals, which is why the kit pairs thirteen fixed rules with living registers built to absorb the change.

Your IT policy

Tells staff to watch for fakes that look fake. Phishing awareness assumes bad spelling, odd addresses, and requests that feel off.

An AI policy

Faces fakes that look right. AI-generated email, voice, and video pass every instinct check, so callback rules and payment thresholds now have to be written down.

Built from the AI Risk Series

The kit is the working-document version of Treo's 16-part AI Risk Series. Read the series for the reasoning behind each rule, or use the adoption path guide to see how the documents fit together.

The kit works in three lanes

The documents are not just a pile of templates. They move in order: discover what AI use already exists, decide what the business will allow, then roll the rules into daily work.

Lane 1

Discover current use

How to Use This Kit Eight setup steps, a map of the thirteen decisions, and a completion checklist.
Employee AI Use Survey Six questions and a ready-to-send email that surface tools your team already uses.
AI Tool Intake Form The request path for new tools, with a reviewer guide for approvals.
Lane 2

Set the rules

AI Usage Policy Template Thirteen rules with fill-in decisions, incident reporting, and staff acknowledgement.
AI Tools and Data Register Approved tools, data-use table, vendor AI features, and intake log in Excel.
Start / Be Careful / Wait Guide Adoption triage for which AI uses to allow now, later, or not yet.
Lane 3

Roll it out

90-Day Implementation Plan Owner and date columns on every task, with the twelve-month horizon appended.
AI Governance Floor Reference Seven baseline controls and two habits on one page.
AI Incident Intake Checklist First-hour evidence capture for suspected exposure, fake media, or bad approvals.

Why this kit works

The kit keeps the policy process practical: the language is plain, the decisions are visible, and the files stay editable before legal review.

Plain language

Written for business owners and managers who need usable rules, not a legal memo.

Decision-driven

Highlighted placeholders show exactly what still needs to be decided, so a document is done when no highlights remain.

Editable documents

Word and Excel files can be adapted to your business before legal review and staff rollout.

A starting point, not legal advice

The kit covers the practical ground: which tools are approved, what data may enter them, how requests get verified, and what to capture when something goes wrong.

AI policy also intersects with privacy legislation, employment law, and your specific contractual obligations. Review the finished documents with legal counsel before adopting them.

The Guided AI Policy Build

The facilitated version of this kit: same documents, finished with you in about three weeks, for a fixed fee.

1

Kickoff and discovery

A 60-minute remote session names your policy owners and launches the employee survey. Treo reviews what comes back and pre-fills your tools register.

2

The working session

Up to three hours, remote. We walk through the thirteen decisions against your real tool inventory, triage discovered tools, and fill the documents live.

3

Finished documents

Within five business days, you receive the completed policy, register, data-use table, and 90-day plan. A 30-minute day-30 check-in is included.

$1,450 fixed fee, plus GST

No hourly charges. 50% at booking, 50% at delivery. About five hours of your time, all sessions remote.

  • Credits toward onboarding. Become a Treo managed services client within six months and the full fee applies to onboarding.
  • Limited monthly availability. A fit call reserves the next available start if the guided build is the right path.
Book a 30-Minute Fit Call

Common questions about the AI Policy Kit

The download is free. The guided build is optional. The documents still need business decisions and legal review before adoption.

Our IT policy already covers computer use. Why does AI need its own policy?

AI needs its own policy because a Computer Use Policy governs the systems your business installed, and AI is the technology that installs itself: staff sign up with personal accounts, and vendors switch AI features on inside software you already pay for. AI use leaves no trace in your own systems, vendor terms change quarterly, and generated email and voice defeat the fakes-look-fake assumption your security awareness training relies on.

Is the AI Policy Kit really free?

The complete AI Policy Kit is free, including the policy template, the register workbook, and every supporting document. Treo publishes it because the AI Risk Series promised working documents, and because businesses that put basic AI rules in place now avoid the incidents that are much more expensive to clean up later.

Who is the AI Policy Kit for?

The AI Policy Kit is built for small and mid-sized businesses that want a written AI usage policy without starting from a blank page. The owner or a senior manager makes the decisions the documents call for, and your IT provider handles the technical checks.

Is the AI Policy Kit legal advice?

The AI Policy Kit is a starting template, not legal advice. Privacy obligations and notification duties depend on your situation and change over time, so review the finished documents with your legal counsel before adopting them.

What is the Guided AI Policy Build?

The Guided AI Policy Build is a fixed-fee engagement where Treo facilitates the kit with you: we run the employee discovery survey, walk you through the thirteen decisions in a working session, and deliver your finished documents in about three weeks. The fee is $1,450 plus GST and credits toward your onboarding if you become a Treo managed services client within six months. Booking starts with a free 30-minute fit call.

Get the kit now, or finish it with help.

Download the free documents if you want to work through the policy yourself. Book a fit call if you want Treo to run the discovery process and facilitate the decisions with you.

The guided build is fixed-fee, remote, and built around the same documents in the free kit.

Book a Fit Call
Learn about AI advisory →