Quick check

17 plain-English questions about your company's AI program.

Answer at the topic level — no acronyms, no AI background needed. You'll get the same dashboard a full enterprise assessment produces: maturity score, compliance breakdown, lifecycle gap map, and a roadmap pointing at concrete next steps.

Don't know an answer? Pick the closest of yes / partial / no. Skipping counts as “no” for scoring.

Pillar 1 of 5

Governance Foundation

Executive sponsorship, CoE structure, operating model, written risk appetite — the program-level scaffolding any AI governance effort needs before any agent is built.

  1. Is there a senior leader at your company officially responsible for AI?

    Someone like a CTO, COO, or VP who owns AI as part of their job — not "we all kind of think about it."

  2. Has leadership written down what AI is and isn't allowed to do?

    A short written statement of where AI may act (e.g., draft customer emails) and where it can't (e.g., approve payments) — even a 1-page memo counts.

  3. Do you have a consistent way to decide how risky each AI project is?

    When someone proposes a new AI use case, is there a rubric (low/medium/high) you apply, or does each project get a fresh debate?

  4. Is it clear who's responsible for what when AI is being built across teams?

    When an AI project touches Engineering + Security + Legal + Business, can everyone tell who decides, who builds, who reviews, who signs off?

Pillar 2 of 5

Lifecycle Discipline

Single intake door, 3-tier risk classification, Agent Card, pre-build and pilot-to-prod gates, quarterly portfolio review, retirement — the per-agent flow that prevents pilot-graveyard and zombie-agent failure modes.

  1. Is there a defined process for proposing new AI projects?

    A single intake form, a request flow, a registry of AI projects — anything that means new AI doesn't just appear in production without anyone seeing it.

  2. Before an AI tool goes live, is it documented in a spec?

    What it does, what data it uses, what could go wrong, who owns it — written down before it ships. Not figured out in chat threads.

  3. After AI launches, do you review whether it's still working as intended?

    Scheduled check-ins on a regular cadence — not "we built it and hope it still works."

Pillar 3 of 5

Stack & Identity

Approved stack locked, multi-LLM strategy, every agent has a unique IdP identity with least-privilege scoped credentials, 60-second revocation drill tested, MCP / open protocols used where available.

  1. Are AI tools running on company-approved infrastructure?

    Not personal accounts, not on a corporate card with no IT oversight — the AI vendor stack is documented and approved by Security/IT.

  2. If something goes wrong, can you tell which AI did it?

    Each AI agent has its own identity in your enterprise identity system so logs attribute actions to the right agent — not "some unknown service did the thing."

  3. Do you vet vendor AI tools before adopting them?

    Vendor AI assistants, copilots, embedded AI features in your SaaS — does a security and legal review happen before contracts are signed?

Pillar 4 of 5

Operations

Responsible-AI checklist, 3 guardrail layers (policy / workflow / runtime), 5 control mechanisms enforced before action, 5 monitoring signals running continuously, threat models, red-teaming.

  1. Before an AI feature goes live, do you test it on real examples?

    A "golden set" of historical data, or at least a structured pre-launch test — not just "the vendor demo looked good."

  2. After AI is live in production, do you continuously monitor whether it works?

    Dashboards, alerts, drift detection — you can answer "is this AI still doing what we said it would?" today, not after the next incident.

  3. For high-stakes AI decisions, does a person review before the AI acts?

    When AI does something consequential (sends customer comms, approves a payment, makes a hiring decision), a human reviews — not "the AI just goes and we hope."

  4. Do you have a plan if AI causes harm or fails?

    A documented incident-response process: who pages whom, how to disable the agent, how to communicate to affected users, how to learn from it (post-mortem).

Pillar 5 of 5

Compliance & Cost

Vendor AI inventory, procurement gate, data foundation, cost tracking per agent, ROI per agent, regulatory overlays applied where in scope (EU AI Act / HIPAA / SOX).

  1. Do you know which regulations apply to your AI use cases?

    EU AI Act (if EU customers/employees), HIPAA (if healthcare), SOX (if public company), sector regulators — you can name what applies.

  2. Do you measure whether AI is delivering value or just costing money?

    Each AI agent has KPIs, ROI is tracked, you can answer "what did our AI investment actually do?" with numbers.

  3. Does leadership see regular reports on the AI program?

    Quarterly readouts to the executive sponsor; an annual compliance review. Not "I think it's going fine."

Done? Get your dashboard. Unanswered questions count as “no” for scoring.

17 topic questions · 5 pillars · same scoring engine as the full expert assessment. Want the detailed 47-question version? Take the full assessment instead.