# Foundations Resource Pack

## Included in this pack

- definition of AI governance in operational terms
- common risk patterns
- first 30 days checklist
- leadership discussion questions
- baseline vocabulary
- route to next-step resources

## Common risk patterns explained

### Shadow AI
Unapproved tools spreading through convenience.

### Output overtrust
Teams trusting polished language more than verified accuracy.

### Data leakage by habit
Sensitive information pasted into tools with no review.

### Review bypass
AI speeding work by eliminating steps that still matter.

### Ownership gaps
No single person accountable for governance.

## First 30 days checklist

- identify current AI use by team
- assign an interim governance lead
- name approved and unapproved tools
- draft a one-page interim acceptable use rule set
- communicate data restrictions
- define minimum output review standards
- schedule baseline staff training
- create escalation inbox or reporting path