governance

Anthropic's Claude Code source code was accidentally exposed via a .map file in their npm registry. Here's what the leak reveals and what small teams should learn about AI vendor security and governance.

How GDPR and CCPA apply when your team uses AI tools — what counts as personal data, when you need a DPA, and the practical steps to stay compliant without a legal team.

No AI team, no compliance officer — who owns AI governance? A practical RACI and role guide for small teams running AI without dedicated resources.

When your SaaS tools ship with AI features built in — Notion AI, Copilot, HubSpot AI, Zoom AI — your team is using AI whether you approved it or not. Here's how to govern it.

A practical template to inventory every AI tool your team uses — approved and shadow — with ownership, data handling, and review dates.

A practical onboarding template to get new hires using AI tools safely from day one — policy acknowledgment, approved tool list, and a 15-minute briefing guide.

Ship a credible AI policy baseline this week: what to document first, which templates to reuse, and the rollout sequence that works without a compliance team.

Run AI governance like a product ops loop: explicit rituals, lightweight artefacts, and decision rights so small teams keep pace without compliance theatre.

A practical comparison framework for choosing AI monitoring, safety, and observability tools for small teams—criteria, trade-offs, and how to align with your governance baseline.

A step-by-step workflow to audit AI usage in your organisation—inventory, sampling, interviews, and follow-ups you can run without a compliance department.

A practical guide to building your first AI governance framework — without a compliance department. Covers the five components every small team needs.

A practical guide for small teams on when you become a “modifier” under the EU AI Act, how to classify AI systems, and what controls to add without slowing delivery.