
A Practical AI Governance Framework for Public-Serving Organizations

AI governance is being written about as if it were primarily a policy exercise. For most public-serving organizations, that framing is the source of the problem. Policy drafted before inventory produces statements that do not bind anyone, because no one knows what they refer to. Policy drafted after inventory, tiering, and workforce guidance produces an operating program that board members, staff, and auditors can actually use.

The framework below is the one we use in our engagements. It is not technology-heavy. It is designed for public education, public entities, healthcare, legal, and the insurance partners who serve them. It aligns to NIST AI RMF and ISO/IEC 42001 in structure but does not require a reader to have any familiarity with either.

The five parts

A defensible, operational AI governance program has five parts. In our experience, organizations that work these five parts in order reach a defensible posture in three to six months. Organizations that try to start anywhere else usually stall.

1. Inventory

Inventory is the foundation and the part most often skipped. The goal is a current, maintained register of where AI is operating in the organization. This is not a list of "approved AI tools." It is a comprehensive view across three categories:

  • Direct-use AI. Tools staff and students use intentionally: ChatGPT, Copilot, Gemini, classroom assistants, drafting add-ons, image generators.
  • Embedded AI. Features inside enterprise software the organization already owns: productivity suites, SIS and ERP platforms, HR and recruiting systems, CRM, help desk, security tools. This is frequently the largest and least-governed category.
  • Third-party delivered AI. Vendor services that process institutional data through AI, including chatbots on vendor-hosted portals, outsourced customer service, AI-assisted legal or professional services, and AI-powered analytics vendors.

For each entry, the inventory captures the owner, the data classifications the AI touches, the processing location, whether the vendor uses the organization's data to train or improve models, the level of human review over the output, and the current governance status. The inventory is a living artifact, not a one-time report.

Inventories that capture only direct-use tools typically miss 60 to 80 percent of the organization's actual AI footprint.

2. Tiered risk classification

Once the inventory exists, each entry is classified by risk tier. Three tiers are usually sufficient:

  • Low risk. Internal drafting, creative work, non-sensitive information, entirely human-reviewed output. Most general-purpose AI use in this category can be governed by acceptable-use guidance rather than individual review.
  • Medium risk. Processing of sensitive internal data, decision support for consequential actions with human review, analytics on personally identifiable information. Requires documented vendor review, data-handling controls, and explicit approval before production use.
  • High risk. Automated or largely automated decisions about individuals in consequential domains (employment, admissions, benefits, discipline), processing of protected health or financial information, student-safety implications, external customer-facing output without meaningful human review. Requires legal and privacy review, board-level awareness, and ongoing monitoring.

The tiers are calibrated to the organization's risk appetite and regulatory environment. A school district with FERPA obligations and a community trust position will tier differently from a corporate services firm.

The tiering discipline matters because it directs limited governance capacity. Over-governing low-risk activity burns goodwill and staff time. Under-governing high-risk activity creates the exposure that governance programs exist to prevent.

3. Procurement and renewal controls

Inventory and tiering are only useful if the organization can prevent uncontrolled growth of the footprint. Procurement and renewal controls are the choke points.

The standing change to procurement intake is two questions, asked at every new purchase and every renewal:

  • Does the product currently include AI features that process our data?
  • Are AI features planned for the upcoming contract term?

When the answer to either is yes, it triggers a standardized intake review: data-handling review, contract addenda covering data use and model training, disable-by-default configuration where the product allows it, and assignment to the inventory with a risk tier.

The same control applies to in-flight vendor updates. When a vendor announces an AI feature update to a product the organization owns, the inventory owner is notified and the new feature is reviewed before it goes to production.

This is not complicated to operationalize. It requires coordination between procurement, legal, privacy, security, and the AI governance owner. Most organizations that struggle with AI governance discover that the missing piece is this coordination, not the policy.

4. Workforce guidance and training

Workforce guidance answers the question staff actually ask: what can I use AI for, and how. The useful form is a short, practical document, one to two pages, that addresses:

  • Approved tools and the conditions for each.
  • Prohibited uses, stated in concrete terms with examples.
  • Data-handling rules that map to the organization's existing data classification scheme.
  • The path for requesting approval for a new use case.
  • The path for reporting a concern, near miss, or unintended consequence.

The longer the document, the less anyone reads it. The most effective workforce guidance we have seen fits on a printed page and pairs with a 20-minute training.

Role-specific guidance adds to the base document where warranted: financial aid staff handle GLBA-covered data differently from communications staff; clinicians have distinct obligations around PHI; legal staff have ethical duties that interact with AI tools in specific ways.

5. Governance, review, and board reporting

The final part is the operating cadence that keeps the program current. In practice, this is:

  • A named AI governance owner. One person with the authority and time to run the program. Often a CIO, CISO, or equivalent, but sometimes a dedicated role in larger organizations.
  • A governance body. A small cross-functional committee with representation from legal, privacy, security, IT, HR, and, depending on sector, academic affairs, clinical operations, or regulatory compliance. Meets quarterly at a minimum.
  • Board or executive reporting. A standing item that reaches the board or top executive body at least annually, with interim reports when material incidents or policy changes occur. Public-sector boards typically expect this on an annual cycle.
  • Incident and issue tracking. A log of AI-related incidents, near misses, and issues, reviewed by the governance body and used to adjust policy and training.
  • Annual review. A formal annual review of the inventory, risk tiering, procurement controls, and workforce guidance. Regulatory and technology change is fast enough that a longer cycle produces stale governance.

What this is not

This framework is intentionally not a technical AI safety program. It does not cover model-level red-teaming, fine-tuning governance, or the specific controls an organization would need to build its own AI products. Those are different work. For public-serving organizations that consume AI products rather than build them, the framework above is the defensible operational core.

It is also not a compliance document. It is an operating program. The compliance artifacts (policy, procedure documents, training records, vendor addenda) fall out of the program naturally as each part matures. Organizations that try to produce the compliance artifacts first, without the operating program behind them, usually end up with binders that cannot withstand inquiry.

What good looks like at six months

Six months into a focused effort, a public-serving organization that has worked this framework typically has:

  • A current inventory of 25 to 75 AI entries, with tier classification and owner.
  • Procurement and renewal intake that catches new AI features before production.
  • A one-page workforce guidance document and completed baseline staff training.
  • A governance body meeting quarterly with a documented charter.
  • A first annual board or executive report.
  • A short list of medium- and high-tier items with explicit governance decisions.

That is a defensible program. It is not complete, because no AI governance program is ever complete, but it is current, evidenced, and operating.

How Firestorm helps

Our AI governance and readiness work follows this framework. We build the inventory, facilitate the tiering, draft the procurement and workforce guidance, and establish the governance cadence with the organization's leadership team. For insurance partners, we extend the framework across the member portfolio, so the program scales without a proportional staffing increase.

Have questions or need support with AI governance? Start a conversation.