Enterprise AI Governance Program
Built the enterprise AI-governance program for a regulated utility — a default-Copilot policy, an exception process routed through the Security & Information Governance (SIG) board, and an AI questionnaire on every vendor intake.
AI Governance Policy Security Regulated
Why
Generative AI in a regulated utility needs guardrails before it needs scale.
What I built
- A default policy posture: all generative-AI usage restricted to Microsoft Copilot unless explicitly approved.
- An AI exception policy that routes non-default tools through the Security & Information Governance (SIG) board for review.
- An extension to vendor intake — an AI questionnaire so every new contract is evaluated for how the vendor uses company data.
Why it matters
Cross-functional governance work across legal, security, and procurement — not just an internal-tool policy. It’s what lets the AI portfolio grow safely.