Owner: Executive sponsor + prospective CoE Lead Input: The decision to adopt AI across the company. Sub-steps:
- Walk through the 8 readiness gates (
framework.md§5):- Executive sponsor named?
- Risk appetite stated in writing?
- Identity provider (Okta / Entra / Workspace SSO) in place?
- Security review path exists?
- Data classification baseline exists (public / internal / confidential / PII)?
- Logging & monitoring infrastructure exists?
- Operational discipline (SDLC, change management, incident response)?
- 3–5 candidate workflows already documented?
- Score each as Ready / Partial / Missing.
- For Missing items: address them before going further. Do not start the AI program on a missing foundation.
Output / gate criteria: All 8 gates marked Ready or Partial with a clear remediation plan for the Partials. Decision branches:
- Most are Missing → Stop. Fix foundations first.
- A few are Partial → Proceed but track Partials in a remediation backlog.
- All Ready → Move to A1. Skip-this-step risk: AI gets layered onto broken plumbing. Shadow AI starts before governance can catch up.