AI Governance Pack

You are a senior AI risk consultant. I am considering deploying [NAME OF AI TOOL] for [SPECIFIC USE CASE] within a [TYPE OF ORGANISATION, e.g. financial services firm / NHS trust / law firm]. Assess the risk profile of this deployment across the following dimensions: 1. Data privacy and regulatory compliance (include relevant frameworks such as GDPR, UK AI Act, or sector-specific regulations) 2. Security vulnerabilities and potential attack surfaces 3. Operational dependency and business continuity risk 4. Reputational risk if the tool produces incorrect or biased outputs 5. Workforce impact and change management risk For each dimension, rate the risk as Low, Medium, or High, and provide a one-paragraph justification. Close with three recommended mitigation actions before deployment proceeds.

You are an AI governance specialist. I am going to paste our current organisational AI policy below. Review it against current best practice frameworks including the UK Government AI Guidance, the NIST AI Risk Management Framework, and ISO/IEC 42001. Identify: 1. The three most significant gaps between our current policy and best practice 2. Any areas of ambiguity that could create compliance risk 3. Topics that are entirely absent but should be addressed 4. Language that is outdated or no longer fit for purpose For each gap, provide a specific recommendation for how the policy should be updated. Keep recommendations practical and implementable for a [SIZE, e.g. mid-sized / enterprise] organisation. [PASTE YOUR CURRENT AI POLICY HERE]

You are a business case writer with expertise in AI adoption. Help me build an internal approval document for the following AI tool: Tool: [NAME OF TOOL] Proposed use case: [DESCRIBE WHAT YOU WANT TO USE IT FOR] Team or department: [YOUR TEAM] Estimated cost: [PRICING] Current process it would replace or improve: [DESCRIBE CURRENT PROCESS] Structure the business case with the following sections: 1. Executive Summary (3 sentences maximum) 2. Problem Statement — what is the current process costing us in time and resource 3. Proposed Solution — what the tool does and how it addresses the problem 4. Financial Case — estimated ROI or time saving 5. Risk Considerations — key risks and how they will be mitigated 6. Implementation Plan — three phases with realistic timelines 7. Recommendation Write in a professional tone suitable for a senior leadership audience. Avoid technical jargon.

You are an AI ethics reviewer. I am going to share a piece of AI-generated content or a proposed AI-assisted decision below. Review it for potential bias across the following categories: 1. Gender bias — does the content make assumptions or use language that favours one gender 2. Cultural or racial bias — does it centre a particular cultural perspective or exclude others 3. Socioeconomic bias — does it assume a particular income level, class, or access to resources 4. Age bias — does it disadvantage or misrepresent any age group 5. Confirmation bias — does it disproportionately favour a particular viewpoint or outcome 6. Recency bias — does it over-index on recent data or trends at the expense of broader context For each category, indicate whether bias is Present, Possible, or Not Detected, with a one-sentence justification. Where bias is present or possible, suggest a specific revision to address it. [PASTE YOUR CONTENT OR DECISION HERE]

You are a data privacy consultant with expertise in UK GDPR and AI systems. I am going to describe a proposed AI workflow. Assess it for data privacy risk and compliance concerns. Workflow description: [DESCRIBE YOUR PROPOSED AI WORKFLOW IN DETAIL — what data is collected, how it is processed, where it is stored, who has access, and which AI tools or platforms are involved] Assess the workflow against the following: 1. Lawful basis for processing — is there a clear and documented lawful basis 2. Data minimisation — is the workflow collecting more data than necessary 3. Third party risk — do any AI tools or platforms involved create data transfer or processor risk 4. Individual rights — could individuals exercise their rights under UK GDPR given this workflow 5. Retention and deletion — is there a clear policy for how long data is held and how it is deleted For each area, identify any concerns and provide a specific recommendation. Flag any areas that require legal review before the workflow is deployed.

You are an AI risk manager. Help me draft an incident response plan for the following scenario: Organisation type: [E.G. professional services firm / healthcare provider / financial institution] AI tool involved: [NAME OF TOOL] Nature of the incident: [DESCRIBE WHAT WENT WRONG — e.g. the tool produced factually incorrect output that was shared with a client / the tool generated biased content that was published / the tool made an incorrect automated decision affecting a customer] Draft a structured incident response plan covering: 1. Immediate containment — what to do in the first 60 minutes 2. Assessment — how to understand the scope and impact of the incident 3. Stakeholder notification — who needs to be informed and in what order, including any regulatory notification obligations 4. Remediation — how to fix the immediate problem and prevent recurrence 5. Post-incident review — what governance changes should follow Write in plain English. The plan should be usable by a non-technical manager handling the incident in real time.

You are a technology procurement specialist. I am evaluating an AI software vendor for potential use in my organisation. Generate a comprehensive due diligence question set I can use in vendor conversations and RFP responses. Vendor name: [VENDOR NAME] Proposed use case: [WHAT YOU INTEND TO USE THE TOOL FOR] Organisation type: [YOUR ORGANISATION TYPE AND SIZE] Generate 20 due diligence questions across the following categories: 1. Data security and privacy (5 questions) 2. Model transparency and explainability (4 questions) 3. Regulatory compliance and certifications (4 questions) 4. Business continuity and support (4 questions) 5. Pricing, licensing, and exit rights (3 questions) For each question, add a one-line note explaining why the answer matters and what a good response looks like. Format as a numbered list I can send directly to the vendor.

You are an HR and technology policy writer. Draft an AI Acceptable Use Policy for employees at a [SIZE AND TYPE OF ORGANISATION, e.g. 200-person professional services firm / NHS trust / retail business]. The policy should: - Be written in plain English that any employee can understand, regardless of technical background - Cover personal use of consumer AI tools (such as ChatGPT, Claude, and Gemini) as well as any company-approved AI platforms - Address the following areas: 1. What employees are permitted to use AI tools for at work 2. What is strictly prohibited (include examples such as inputting confidential client data, using AI to produce work presented as entirely their own without disclosure, and using AI for decisions that require human judgement) 3. Data handling rules — what types of information must never be entered into an AI tool 4. Quality and accuracy responsibilities — employees remain accountable for AI-assisted outputs 5. How to report concerns or incidents involving AI tools 6. Consequences of misuse Close with a short section on how the policy will be reviewed and updated as AI tools evolve. Keep the total length to one side of A4.

Enjoying Zymbos Intelligence?

Share this edition with someone who needs it.

Zymbos Intelligence  |  Prompt Pack #3

Published by Zymbos AI  |  zymbos.ai  |  [email protected]
You are receiving this as a subscriber to Zymbos Intelligence.
Unsubscribe