Activity
Acceptable-use policy
What's fine, what needs review, what's off-limits — in plain English, scoped to the tools you actually have. No forty-page PDFs.
Eastbourne · UK
/ AI Consultancy / Responsible AI policyA policy your teams will actually follow.
Acceptable-use, disclosure and review rules written for real teams — short, specific and cross-referenced with the IS policies you already have.
01/ What's involved
From a blank page to a signed-off policy.
We work with your people — IS, HR, legal, ops — not at them. The point is a policy that's read, understood and followed, not one that exists on paper.
Activity
Disclosure & transparency rules
When staff have to disclose AI-assisted output to colleagues, clients or regulators — and the templated language for doing it.
Activity
Review & sign-off workflow
A lightweight approval path for new AI tools and use cases: who signs, what they need to see, and how long it takes.
Activity
Incident & exception handling
What happens when something goes wrong — a leaked prompt, a bad output, a misuse report. A documented path, not improvisation.
Activity
Employee guidance & training
A one-pager people read, a short deck the L&D team can run, and a refresh cadence that keeps it current as the tools change.
Activity
Policy lifecycle
Version control, review dates, approvers and a change log — so the policy stays alive rather than rotting in a SharePoint folder.
02/ What you get
Documents people keep and use.
AI acceptable-use policy
A short, signed-off policy document tuned to your org — scoped, readable, and cross-referenced with your existing IS policies.
Employee one-pager
A single-page quick-reference staff keep pinned — the five things they need to remember and who to ask when in doubt.
Review workflow & forms
The intake form, the triage rubric and the sign-off template — all of it running in the tools you already use.
Training deck
A 30-minute session your team can deliver, refreshed annually, with a short knowledge-check suitable for audit evidence.
03/ Why most policies don't stick
The failure modes we see.
These are consistent enough to list. A good policy engagement avoids all of them.
- Policy copied from a template and never scoped to the tools actually in use.
- Disclosure rules that theoretically apply but no-one can cite the clause.
- No route to request a new AI tool — so staff just use it and don't tell anyone.
- A training deck last updated before GPT-4 was released.
- Acceptable-use buried inside a 40-page IS policy nobody reads.
- No documented owner — the policy lives with IT, or with legal, never both.
/ Backed by
Delivered by M-Tech Labs with the compliance and security discipline of M-Tech Systems — Cyber Essentials certified, aligned to NCSC CAF 4.0 and progressing through the Assurix trustmark programme. Code is continuously scanned for quality and security with Aikido, and hosted software runs on our own Nutanix / Fortinet platform — continuously pen-tested, current-version, UK-based. See secure development for the full picture.
Back to AI Consultancy/ Start a conversation
Write the policy once. Keep it alive.
A short engagement leaves you with a signed-off acceptable-use policy, an intake workflow and a training pack you can actually run.