Activity
Acceptable-use policy
What's fine, what needs review, what's off-limits — in plain English, scoped to the tools you actually have. No forty-page PDFs.
M-Tech Labs AIEastbourne · UK
/ AI Consultancy / Responsible AI policyA policy your teams will actually follow.
Acceptable-use, disclosure and review rules written for real teams — short, specific and cross-referenced with the IS policies you already have.
01/ What's involved
From a blank page to a signed-off policy.
We work with your people — IS, HR, legal, ops — not at them. The point is a policy that's read, understood and followed, not one that exists on paper.
Activity
Disclosure & transparency rules
When staff have to disclose AI-assisted output to colleagues, clients or regulators — and the templated language for doing it.
Activity
Review & sign-off workflow
A lightweight approval path for new AI tools and use cases: who signs, what they need to see, and how long it takes.
Activity
Incident & exception handling
What happens when something goes wrong — a leaked prompt, a bad output, a misuse report. A documented path, not improvisation.
Activity
Employee guidance & training
A one-pager people read, a short deck the L&D team can run, and a refresh cadence that keeps it current as the tools change.
Activity
Policy lifecycle
Version control, review dates, approvers and a change log — so the policy stays alive rather than rotting in a SharePoint folder.
02/ What you get
Documents people keep and use.
- 01
AI acceptable-use policy
A short, signed-off policy document tuned to your org — scoped, readable, and cross-referenced with your existing IS policies.
- 02
Employee one-pager
A single-page quick-reference staff keep pinned — the five things they need to remember and who to ask when in doubt.
- 03
Review workflow & forms
The intake form, the triage rubric and the sign-off template — all of it running in the tools you already use.
- 04
Training deck
A 30-minute session your team can deliver, refreshed annually, with a short knowledge-check suitable for audit evidence.
03/ Why most policies don't stick
The failure modes we see.
These are consistent enough to list. A good policy engagement avoids all of them.
- Policy copied from a template and never scoped to the tools actually in use.
- Disclosure rules that theoretically apply but no-one can cite the clause.
- No route to request a new AI tool — so staff just use it and don't tell anyone.
- A training deck last updated before GPT-4 was released.
- Acceptable-use buried inside a 40-page IS policy nobody reads.
- No documented owner — the policy is "IT's" or "legal's", never both.
/ Backed by
Delivered by M-Tech Labs with the compliance and security discipline of M-Tech Systems — Cyber Essentials certified, aligned to NCSC CAF 4.0 and progressing through the Assurix trustmark programme.
Back to AI Consultancy/ Start a conversation
Write the policy once. Keep it alive.
A short engagement leaves you with a signed-off acceptable-use policy, an intake workflow and a training pack you can actually run.