Skip to content

AI

Adopting AI safely in a small team

You don't need a moratorium. You need a four-step plan and a one-page policy.

AI adoption is happening whether you've approved it or not.

Step 1 — discover

  • Email all staff: “Which AI tools? What data?”
  • Cross-check Microsoft 365 admin reports.
  • Look at browser history (with permission).

Step 2 — classify

  • Green: public info. Most tools fine.
  • Amber: internal-not-sensitive. Paid tier with training disabled.
  • Red: customer/financial. Only tools with a clear DPA.

Step 3 — standardise

  • Pick one tool the company will pay for and train on.
  • Disable training-on-prompts.
  • Train staff on the chosen tool.

Step 4 — policy & light governance

  • One A4 page: OK / Not OK.
  • Add AI to the tools register.
  • Review every 6 months.

Common mistakes

  • Banning AI without alternatives.
  • Letting agents act unsupervised.
  • Confusing Microsoft Copilot products.