# AI Policy Starter Pack

Set practical rules for how AI should be used inside a small business before adoption spreads faster than quality control.

## Usage Lanes

Split AI usage into three lanes.

### Green lane

Low-risk work that can move fast:

- draft internal notes
- summarize meetings
- create first-pass outlines
- generate rough ideas for operator review

### Yellow lane

Useful but review-required work:

- customer-facing email drafts
- FAQ drafts
- review-response suggestions
- estimate follow-up drafts
- content briefs and page outlines

### Red lane

High-risk work that should not be delegated casually:

- legal commitments
- financial approvals
- medical or compliance guidance
- fake proof or invented customer statements
- unsupervised policy or pricing changes

## Approval Rules

Use simple approval rules instead of vague “be careful” guidance.

- Any public-facing copy requires a named reviewer.
- Any customer-specific output must be checked for factual accuracy.
- Any content referencing pricing, guarantees, timelines, or sensitive customer data requires human sign-off.
- Any output that could become published proof requires consent and verification.

## Prompting Standard

Require teams to include:

- business context
- audience
- output format
- required facts
- tone constraints
- what must not be changed

That alone improves quality more than most teams expect.

## Human Review Checklist

Before approving AI-assisted output, check:

- is it factually correct?
- does it sound like the business?
- does it overstate, invent, or imply unsupported proof?
- does it make commitments the team cannot honor?
- does it protect trust rather than just save time?

## Red-Flag Scenarios

Escalate immediately when AI is used for:

- fabricated reviews or testimonials
- policy language the owner has not approved
- legal or compliance claims
- pricing or guarantee changes
- hidden edits to public proof or case examples

## Ownership Model

Define:

- who can use AI for what
- who approves customer-facing work
- who updates the policy
- who logs incidents or quality failures

Without ownership, the policy becomes decorative.

## Training Cadence

### Weekly

- review one good use case
- review one weak or risky output

### Monthly

- update examples
- clarify any lane confusion
- tighten prompts and review guidance

## 30-Day Rollout

### Week 1

- define lanes
- assign reviewers
- document restricted uses

### Week 2

- train the team on prompts and review rules
- test real outputs against the checklist

### Week 3

- fix weak spots
- clarify edge cases

### Week 4

- publish the internal policy
- review adoption quality, not just adoption volume