# AI Register (Starter Template)

**For Australian businesses. A companion to your AI usage policy.**
Provided free by VibeZero (https://www.vibe0.com.au). Edit freely.

This is a **starter template, not a completed register, and not legal advice.**
It is a skeleton to fill in and then keep current. A register is only useful
once someone has actually walked the business, found every AI tool in real use
(including the ones on free and personal accounts), and assigned an owner and a
review date to each. That walking-the-business part is the work; this file just
gives you the shape.

Use the CSV (`ai-register-template-australia.csv`) as your working copy in Excel,
Google Sheets or any spreadsheet. The columns are below.

---

## Why keep a register

If you cannot list the AI tools your team uses, who owns each one, and what data
goes into them, you cannot manage the risk. A register is the single source of
truth that your AI usage policy points at. It is also the first thing a cyber
insurer, a larger client or an auditor will ask to see.

## Columns

| Column | What to record |
|--------|----------------|
| Tool | Product name (e.g. Microsoft 365 Copilot, ChatGPT, Claude). |
| Purpose | What it is actually used for, in plain words. |
| Owner | The named person accountable for this tool. Not "IT" or "everyone". |
| Data types used | What data goes in. Flag anything sensitive: client PII, health, financial, payroll, contracts, source code. |
| Account type | Managed business plan, free tier, or personal account. Free and personal accounts are the ones to scrutinise. |
| Approval status | Approved / Approved with conditions / Under review / Not approved. |
| Date added | When the tool first appeared in the business. |
| Last reviewed | When you last checked it was still fit and safe. |
| Next review | When it is due again (quarterly is a sensible default). |
| Notes | Conditions, data residency, retention, anything worth flagging. |

## How to fill it in

1. List the tools you know about first.
2. Then find the ones you do not. Ask each team how they actually use AI, including
   anything on a free or personal login. This is where shadow AI surfaces.
3. Assign a named owner and a review date to every row. A row with no owner is a gap.
4. Decide an approval status for each. Anything "Not approved" but in use needs a
   decision: approve it properly, replace it, or stop it.
5. Review on the cadence in the Next review column.

## When you want it done properly

This template gets you started. Finding every tool in use, classifying the data
accurately, and turning the register into a usage policy and a working review
cycle is exactly what our interview-based [AI Usage Review](https://www.vibe0.com.au/services/ai-usage-review)
does, and the ongoing version is part of the [Fractional Chief AI Officer](https://www.vibe0.com.au/services/fractional-chief-ai-officer)
retainer. A self-made register is a fine start; an independent one is what stands
up when someone asks.