Governance Foundation

AI Policy Development

Practical, implementable AI policies specifically designed for Australian organisations - aligned to Privacy Act requirements, OAIC guidance, and industry regulations.

We develop comprehensive policy suites covering acceptable use, ethics, procurement, data governance, incident response, and generative AI - built to enable responsible AI adoption, not block it.

Privacy Act 2024 Amendments
Automated Decision-Making Transparency: December 2026

The Challenge

Many organisations are operating AI systems without formal policies or clear guidelines, creating gaps in governance and regulatory compliance.

Unclear Employee Guidelines

Staff are using ChatGPT, Copilot, and other AI tools without clear guidelines on what's acceptable. Some enter confidential data. Some don't. Nobody knows the rules.

Privacy Act Compliance

Privacy Act amendments require transparency about automated decision-making by 10 December 2026. Organisations need policies to identify AI-driven decisions and establish appropriate disclosure processes.

Shadow AI Proliferation

When policies are too restrictive - or don't exist at all - employees find workarounds. Shadow AI creates ungoverned risk that grows silently across the organisation.

"Organisations using AI products should... establish internal policies about AI use by staff that are updated regularly to reflect the proliferation of AI-enabled products and features."

- OAIC Guidance on Privacy and the Use of Commercially Available AI Products (October 2024)

The AI Policy Suite

A comprehensive set of policies designed to work together, covering the full spectrum of AI governance needs.

1. AI Acceptable Use Policy

Foundation policy for all employees

Defines what AI tools employees can use, what data can be input, required human oversight, and prohibited uses. Clear guidelines that enable productive AI use while protecting the organisation.

Approved Tools | Data Restrictions | Output Review

2. AI Ethics & Responsible AI Policy

Principles and values alignment

Establishes ethical principles aligned to Australia's 8 AI Ethics Principles. Covers fairness, transparency, accountability, privacy, and human oversight requirements.

Ethics Principles | Bias Prevention | Transparency

3. AI Procurement & Vendor Policy

Third-party AI risk management

Due diligence requirements for AI vendors, contractual requirements, ongoing monitoring, and exit planning. Includes assessment questionnaires and evaluation criteria.

Vendor Assessment | Contract Terms | Due Diligence

4. AI Development & Deployment Policy

For organisations building AI

Standards for internal AI development: model documentation, testing requirements, approval workflows, deployment gates, and ongoing monitoring obligations.

Development Standards | Testing Gates | Deployment Approval

5. AI Data Governance Policy

Privacy Act aligned

Data quality requirements, training data provenance, personal information handling aligned to Australian Privacy Principles, and cross-border transfer restrictions.

Data Quality | Privacy Compliance | Data Provenance

6. AI Incident Response Policy

When things go wrong

Incident classification, response time requirements, investigation procedures, regulatory notification requirements (OAIC, APRA), and post-incident review processes.

Incident Classification | Response Procedures | Regulatory Notification

7. Generative AI Usage Policy

ChatGPT, Copilot, Claude specific

Specific guidance for generative AI: approved platforms, prohibited inputs, output review requirements, attribution rules, and accuracy verification obligations.

Approved Platforms | Input Restrictions | Output Review

8. AI Training & Awareness Policy

Capability building

Training requirements by role: foundation (all staff), practitioner (AI users), specialist (developers), and leadership (executives). Competency assessment and certification.

Role-Based Training | Competency Assessment | Awareness Programs

Implementation Approach

We don't just deliver documents. We help you roll out policies that employees actually follow, with communication plans, training materials, and compliance mechanisms.

Australian Regulatory Alignment

  • Privacy Act 2024 amendments and OAIC guidance
  • Australia's 8 AI Ethics Principles
  • Voluntary AI Safety Standard (10 Guardrails)
  • APRA CPS 230 (for financial services)
  • ISO/IEC 42001:2023 AIMS pathway

1. Discovery & Assessment

We understand your current AI landscape, existing policies, regulatory requirements, and organisational culture. This informs policy design that fits how your organisation works.

2. Policy Development

We draft your policy suite with stakeholder input from legal, compliance, HR, IT, and business units. Iterative review ensures policies are practical and enforceable.

3. Legal Review & Approval

Your legal counsel reviews final policies. We support the approval process through governance committees and executive sign-off.

4. Rollout Planning

We develop communication plans, training materials, manager briefings, and employee quick-reference guides. Policies are communicated clearly and consistently.

5. Implementation Support

We support policy launch with training delivery, FAQ sessions, and initial compliance monitoring. We help resolve questions and edge cases as they arise.

What You Receive

More than policies - complete implementation support.

Policy Documents

6-8 core policies customised to your organisation, industry, and regulatory requirements. Word format for ongoing updates.

Supporting Materials

Employee quick-reference guides, manager implementation guides, FAQ documents, policy acknowledgment forms, and compliance checklists.

Communication Plan

Rollout communication strategy, key messages, timing, and channels. Ensure consistent messaging across the organisation.

Training Materials

Slide decks for different audiences (all staff, managers, specialists), facilitator guides, and assessment questions.

Governance Structure

AI Governance Committee Terms of Reference, role and responsibility matrices (RACI), and escalation procedures.

Review Process

Annual policy review framework, update triggers, and version control procedures. Policies stay current as AI evolves.

Frequently Asked Questions

How do we ensure employees actually follow the policies?

Policies work when they're practical and well-communicated. We design policies that enable AI use rather than just restrict it, and we provide complete rollout support including training and compliance mechanisms. Overly restrictive policies drive shadow AI - we balance protection with enablement.

How long does policy development take?

Typical engagements run 12-16 weeks: Discovery (2-3 weeks), Policy Development (4-6 weeks), Legal Review (2-3 weeks), and Rollout (2-4 weeks). We can accelerate for urgent regulatory deadlines.

Can we customise policies for our industry?

Yes. We have specific expertise in financial services (APRA, ASIC), healthcare (TGA, AHPRA), and government. Policies are tailored to your industry's regulatory requirements and operational context.

What about the December 2026 Privacy Act requirements?

Our policies are designed with December 2026 automated decision-making transparency requirements in mind. We help you identify which decisions involve AI and establish the disclosure processes required under the Privacy Act amendments.

Ready to Develop Your AI Policies?

Schedule a consultation to discuss your organisation's AI policy requirements and how we can help you build policies that enable responsible AI adoption.