Turn scattered AI use into a written policy, an approved-tools register, an employee discovery survey, an incident checklist, and a 90-day rollout plan.
Your team is already using AI through browser extensions, personal accounts, meeting assistants, and features switched on inside tools you already pay for. Most of that use stays invisible until something goes wrong.
This kit gives you the working documents. You make the decisions, record them in the templates, and finish with rules your staff can follow.
A Computer Use Policy governs the systems the business installed and the accounts IT controls. AI enters through none of those doors. Four differences matter before you write a single rule.
Covers the systems the business installed. Software arrives through IT, accounts get created on purpose, and the policy names what is allowed on company equipment.
Covers the tools nobody installed. AI arrives through personal accounts, browser extensions, and features switched on inside software you already pay for. The first job is finding it.
Catches violations inside your own systems. An unauthorized program or a blocked site leaves evidence IT can find and act on.
Covers exposure that leaves no trace on your side. Client data pasted into a chatbot creates no log and no file; the only copy sits on a vendor's servers, under the vendor's terms.
Describes a stable environment. The file server, the VPN, and the shared drives work the same way they did at the last policy review.
Chases a moving target. Vendors change data terms, memory, and connectors between renewals, which is why the kit pairs thirteen fixed rules with living registers built to absorb the change.
Tells staff to watch for fakes that look fake. Phishing awareness assumes bad spelling, odd addresses, and requests that feel off.
Faces fakes that look right. AI-generated email, voice, and video pass every instinct check, so callback rules and payment thresholds now have to be written down.
The kit is the working-document version of Treo's 16-part AI Risk Series. Read the series for the reasoning behind each rule, or use the adoption path guide to see how the documents fit together.
The documents are not just a pile of templates. They move in order: discover what AI use already exists, decide what the business will allow, then roll the rules into daily work.
The kit keeps the policy process practical: the language is plain, the decisions are visible, and the files stay editable before legal review.
Written for business owners and managers who need usable rules, not a legal memo.
Highlighted placeholders show exactly what still needs to be decided, so a document is done when no highlights remain.
Word and Excel files can be adapted to your business before legal review and staff rollout.
The kit covers the practical ground: which tools are approved, what data may enter them, how requests get verified, and what to capture when something goes wrong.
AI policy also intersects with privacy legislation, employment law, and your specific contractual obligations. Review the finished documents with legal counsel before adopting them.
The facilitated version of this kit: same documents, finished with you in about three weeks, for a fixed fee.
A 60-minute remote session names your policy owners and launches the employee survey. Treo reviews what comes back and pre-fills your tools register.
Up to three hours, remote. We walk through the thirteen decisions against your real tool inventory, triage discovered tools, and fill the documents live.
Within five business days, you receive the completed policy, register, data-use table, and 90-day plan. A 30-minute day-30 check-in is included.
$1,450 fixed fee, plus GST
No hourly charges. 50% at booking, 50% at delivery. About five hours of your time, all sessions remote.
The download is free. The guided build is optional. The documents still need business decisions and legal review before adoption.
AI needs its own policy because a Computer Use Policy governs the systems your business installed, and AI is the technology that installs itself: staff sign up with personal accounts, and vendors switch AI features on inside software you already pay for. AI use leaves no trace in your own systems, vendor terms change quarterly, and generated email and voice defeat the fakes-look-fake assumption your security awareness training relies on.
The complete AI Policy Kit is free, including the policy template, the register workbook, and every supporting document. Treo publishes it because the AI Risk Series promised working documents, and because businesses that put basic AI rules in place now avoid the incidents that are much more expensive to clean up later.
The AI Policy Kit is built for small and mid-sized businesses that want a written AI usage policy without starting from a blank page. The owner or a senior manager makes the decisions the documents call for, and your IT provider handles the technical checks.
The AI Policy Kit is a starting template, not legal advice. Privacy obligations and notification duties depend on your situation and change over time, so review the finished documents with your legal counsel before adopting them.
The Guided AI Policy Build is a fixed-fee engagement where Treo facilitates the kit with you: we run the employee discovery survey, walk you through the thirteen decisions in a working session, and deliver your finished documents in about three weeks. The fee is $1,450 plus GST and credits toward your onboarding if you become a Treo managed services client within six months. Booking starts with a free 30-minute fit call.
Download the free documents if you want to work through the policy yourself. Book a fit call if you want Treo to run the discovery process and facilitate the decisions with you.
The guided build is fixed-fee, remote, and built around the same documents in the free kit.
Book a Fit Call