
AI Governance for Small Organizations: A One-Page Framework

Enterprise-grade governance — translated into something a 10-person nonprofit board can actually adopt.

John Biske · March 2026 · 1 page · For Builders

Most AI governance documents are written for organizations with a general counsel, a risk committee, and an IT security team. If that's not you, they read like a tax form nobody wants to fill out.

This framework fits on one page. It's specifically for organizations of 10–50 people that need real governance — not theater — without a department dedicated to producing it.

The four questions your policy has to answer

That's it. No more.
  1. Data — What can our staff put into AI tools, and what must stay out? Be specific. "Client PII" is specific. "Sensitive data" is not.
  2. Decisions — Which decisions are allowed to be AI-assisted, and which require a human owner regardless? List the categories.
  3. Disclosure — When do we tell clients, donors, or stakeholders that AI was part of our work? What language do we use?
  4. Drift — Who reviews these answers, how often, and what triggers a revision before the scheduled review?

Why each question matters

The first three are about preventing foreseeable harms. The fourth is about preventing the most common AI governance failure I see: a document signed in 2024 that nobody has looked at since, while the technology and the team's actual usage have completely changed underneath it.

The drift question is the one most small-org policies skip. Don't skip it.

A governance document you don't revisit is a governance document that has already failed.

How to adopt this in 30 minutes

At a board meeting
  1. Print the one-pager. Distribute to everyone in the room.
  2. Walk through the four questions out loud. Each person writes their own answer.
  3. Compare answers. The places you disagree are where your policy actually needs to go.
  4. Pick a review cadence — quarterly for the first year, then whatever rhythm matches your actual pace of change.
  5. Name one human owner for the document. Without an owner, it rots.

What this framework doesn't cover

It doesn't cover contractual AI requirements from funders, regulators, or large clients. If you have those, this is the floor; add their requirements on top.

It doesn't cover technical security review of specific tools. That's a separate conversation, and it's usually shorter than people fear once the policy above is in place.
