Data boundaries. Classify once: green (any approved tool), yellow (enterprise tools with contractual data protection only), red (never leaves controlled systems). Every future question reduces to which bucket.
Access. Which roles get which capabilities. Read-widely, write-narrowly is the default that survives contact with reality. Log writes.
Evaluation. Every production AI workflow names its owner and its check: sampled human review, regression cases, tripwire metrics. Unevaluated workflows are pilots, and pilots do not touch customers.
Spend. Budgets and caps per team, visible weekly. Runaway cost is a governance failure before it is a finance problem.
Accountability. A human owns every agent's output, the same way a manager owns a report's output. No orphan automations.
Healthcare, finance, insurance, and law adopt AI successfully by inverting the question: instead of "can we use AI?", ask "which of our workflows have no regulated data in them at all?" Marketing drafts, internal documentation, code without PHI or PII, research synthesis: there is usually a wide green zone that requires no regulator conversation whatsoever.
For the regulated zone, your existing compliance machinery is the asset, not the obstacle: the same access controls, audit logs, and review chains that govern human work extend to machine work. Regulators do not require that AI be absent; they require that accountability be present.
One rule keeps you safe in every jurisdiction: a human owns every consequential output, and the log can prove who.
Write five headings on one page: Data (green/yellow/red), Access (who gets what), Evaluation (every workflow names its check), Spend (caps and visibility), Accountability (a human owns every output). If a governance question does not fit under one of the five, it is usually not a governance question.
Coding tools (Claude Code and peers) deserve their own checklist because they touch source code, credentials, and infrastructure. Enterprise accounts only, with training-data exclusion in the contract. Repository access scoped per team, never org-wide by default. Secrets out of repositories entirely so there is nothing to leak. Agent-written code enters through the same pull-request review gate as human code. Spend caps per seat. A kill switch someone actually knows how to use.
None of this is exotic; it is your existing engineering hygiene applied to a faster contributor. Teams with weak hygiene discover that the agent did not create the risk, it accelerated the discovery of it.
Publish the page. Name the owner. Review it quarterly against incidents and new tools. Tie exceptions to the ask-first contact rather than to silence. Governance that lives in a shared document people have actually read beats a policy portal nobody visits.
Five decisions: data classification for AI tools, role-based access, mandatory evaluation for production workflows, spend caps with visibility, and named human accountability for every agent's output. One page, one owner, quarterly review.
Yes. Start in the green zone (workflows with no regulated data), extend existing compliance controls to machine work in the regulated zone, and keep a human accountable and logged for every consequential output.
Enterprise accounts with training exclusion, per-team repository scoping, secrets out of repos, agent code through normal PR review, per-seat spend caps, and a practiced kill switch. Standard engineering hygiene, applied to a faster contributor.
Bring one AI question from this article. We will tell you what we would do, whether or not you hire us.
Book a 15-Min Chat →