AIRiskAware
Back to all stages
Stage 03 · Building

Designing policies, controls, and the governance programme

I'm designing policies, controls, or a governance programme.

You're in build mode. AI policy drafts, control libraries, role definitions, decision rights. The right next step is choosing a framework (ISO 42001, NIST AI RMF, AIRA) and matching it to your operating model — not building from a blank page.

Free resources & templates AIRA framework

Start with these articles

Curated for people at this stage. Read in order, or pick the one that matches your specific situation.

Practical Guide 11 min read

How to Write an AI Policy for Your Organisation

A practical guide to writing an AI usage policy that employees will actually follow, what to cover, what makes policies fail, and a complete

Small Business 7 min read

Writing an AI Policy for Your Small Business: A Step-by-Step Template

Most AI policy guides are written for enterprises with legal teams. This one is for small business owners who need something practical, defe

Frameworks 11 min read

ISO 42001: A Practical Implementation Guide for 2026

ISO 42001 is the international standard for AI management systems. This guide covers what it requires, how it relates to EU AI Act complianc

AIRA Framework 10 min read

AI Governance Implementation: A Practical 90-Day Roadmap for Enterprise Organisations

Most AI governance programmes fail because they start too large and lose momentum. This 90-day implementation roadmap — built from enterpris

Governance 12 min read

AI Controls Framework: The Practical Guide for Enterprise Risk and Compliance Teams

An AI controls framework defines the specific controls — preventive, detective, and corrective — that govern AI risk across an organisation.

Regulation 9 min read

Singapore's AI Governance Framework: What Businesses in Asia-Pacific Need to Know

Singapore has developed one of the most sophisticated AI governance frameworks in Asia. For businesses operating in the region, understandin

Previous stage
Stage 02
AssessingDiscover what AI you have and what risk it carries
Next stage
Stage 04
OperatingDay-to-day governance: monitoring, reviews, board reporting