AI Readiness Assessment

1.1 What is your company's stance on AI?

1.2 Are you currently implementing AI tools internally?

1.3 Do you have an AI adoption strategy and is there a defined owner?

1.4 Do you have training or awareness programs for AI usage?

2.1 Do you have an AI governance framework in place (policies, roles, approvals, and oversight)?

2.2 Do you have an AI Acceptable Use Policy documented?

2.3 Are approved AI tools allowlisted and unapproved ones blocked?

2.4 Do you have vendor risk assessments for AI providers?

2.5 Is Data Loss Prevention (DLP) configured to prevent sensitive data from being shared with AI tools?

2.6 Do you monitor AI usage and data shared with AI?

3.1 Do you have a list of all AI tools currently in use in your organization?

3.2 Do you have a change request and documented process around requesting new tools and integrations?

3.3 Have you documented what those tools have access to (data, systems, accounts)?

3.4 Do you have monitoring or dashboards for AI activity in your organization (e.g., DefensX)?

3.5 Have you defined who is expected to support the company's AI tools and customization of applications?

3.6 Do you have a process for tracking licensing, usage limits, and ROI tracking?

3.7 Do you have datasets that will be used for training? How are you measuring data quality?

4.1 What built-in AI tools are included with your current vendors, how are they governed, and what data or systems can they access?

4.2 Do you have documented workflows that are ready to be implemented or automated?

4.3 Have you defined KPIs for AI adoption?

4.4 Are there any active AI pilot projects or proof-of-concepts underway?

5.1 Do you have a roadmap for scaling AI securely?

5.2 Do you have a process for retiring AI tools?

5.3 Do you have a process for measuring quality of AI tools and their output?

5.4 Are incident response playbooks updated for AI-related breaches?

5.5 Do you implement AI-specific threat modeling?