AI Risk Assessment

Answer 16 short questions across four pillars to see how well your organisation is managing the risks that come with adopting AI. It takes about five minutes, and you will get an instant maturity rating with practical next steps.

Step 01 / 05

Governance and Accountability

Who owns AI risk, and how decisions are made, recorded and reviewed.

Is there a named owner accountable for AI risk in your organisation?

Someone with a clear mandate, not just an informal champion.

Do you maintain a register of the AI tools and systems in use?

Including tools brought in by individual teams.

Are there written policies governing acceptable AI use?

Policy that staff have actually seen, not just an intention.

Is AI use assessed against your regulatory and legal obligations?

For example data protection, sector rules and contractual duties.

Step 02 / 05

Data and Privacy

How the data feeding your AI tools is sourced, protected and retained.

Do you know what data your AI tools can access?

Files, mailboxes, systems and records the tools can reach.

Is sensitive or personal data masked before it reaches AI systems?

Redaction, tokenisation or filtering of personal and confidential data.

Are data retention and deletion rules applied to AI inputs and outputs?

Prompts, uploads and generated content all count.

Do third-party AI vendors meet your data protection standards?

Where and how they process and store your data.

Step 03 / 05

Security and Resilience

Protecting AI systems from misuse, attack and unplanned failure.

Are AI systems covered by your security monitoring?

Logging and alerting that includes AI activity.

Have you tested AI tools for misuse or prompt-based attacks?

Attempts to make the tool leak data or behave unsafely.

Is access to AI systems controlled and authenticated?

Who can use them, with what permissions.

Do you have a response plan for an AI-related incident?

For example a data leak or a harmful AI output.

Step 04 / 05

People and Adoption

How safely your people understand and use AI day to day.

Have staff been trained on safe and responsible AI use?

Practical guidance, not just a one-off email.

Do employees know how to report an AI concern?

A clear, known channel to raise a worry or mistake.

Is AI adoption guided to avoid shadow or unsanctioned tools?

Steering people towards approved, safer options.

Are the benefits and limits of AI clearly communicated?

So expectations are realistic and risks understood.

Structural Analysis

Framework Logic

Governance and Accountability

Who owns AI risk, and how decisions are made, recorded and reviewed.

Data and Privacy

How the data feeding your AI tools is sourced, protected and retained.

Security and Resilience

Protecting AI systems from misuse, attack and unplanned failure.

People and Adoption

How safely your people understand and use AI day to day.

AI Risk Assessment

Governance and Accountability

Data and Privacy

Security and Resilience

People and Adoption

Get your AI Risk Profile

Framework Logic

Governance and Accountability

Data and Privacy

Security and Resilience

People and Adoption