AI Readiness Checklist

Do you have a documented AI strategy aligned with business objectives?

Is there board-level oversight and accountability for AI initiatives?

Have you established an AI governance committee or responsible individual?

Do you have documented policies for AI development and deployment?

Have you conducted a risk assessment for each AI system?

Do you have processes to monitor AI systems for unexpected behaviour?

Are there documented incident response procedures for AI failures?

Have you assessed third-party AI tools and their associated risks?

Have you tested AI systems for bias across protected characteristics?

Can you explain how your AI systems make decisions?

Do affected individuals have the ability to request human review of AI decisions?

Are there clear boundaries on what AI should not be used for in your organisation?

Is training data documented, including sources, quality, and limitations?

Do you have consent and legal basis for using data in AI systems?

Are there controls to prevent sensitive data leakage through AI systems?

Do you have data retention and deletion policies for AI-related data?

Are AI systems protected against adversarial attacks and manipulation?

Is access to AI systems and their outputs appropriately controlled?

Have you conducted security testing on AI applications?

Do privacy impact assessments cover AI processing activities?

Are you aware of applicable AI regulations (EU AI Act, UK frameworks)?

Is there documentation of AI system design, testing, and validation?

Do you disclose to users when they are interacting with AI?

Have you mapped your AI systems to ISO/IEC 42001 requirements?