Foundations Pack · AI & data governance for small teams

When a customer asks how you govern AI and data, we make sure you can answer before it costs you the deal.

An integrated information-security and AI-governance foundation, built for a small team and designed to pass a customer’s review or a funder’s due diligence.

// Built on ISO/IEC 27001 & 42001 · for teams with no compliance function · written in plain English

One foundation, two kinds of money

The same proof unlocks both.

Track A · Commercial

Win the deal you're blocked on

Your potential customers or partners won't proceed until you can show how you govern AI and data. The pack gives you that answer, turning a recurring blocker into revenue opportunities.

"We can't pilot you until you complete our data & AI questionnaire."

Track B · Mission & grants

Unlock the funding you can't reach

Donors and foundations increasingly require evidence of good governance and data protection before they'll fund. The pack gives a small org that evidence.

"Provide your data-protection and safeguarding governance for due diligence."

Your key stakeholders start asking for proof.

The deal stalls, the grant goes unawarded, the partner hesitates. This is not because your work isn’t good, but because you can’t yet show you handle AI and data responsibly. That’s a gap we help you close properly.

What’s inside

Four working files, and the judgement to use them.

01

Start Here

Your map: what the pack is, the order to work through it, the honesty self-check, and when to bring in a human.

02

Scope & Context

Define what you're actually governing, with decision-gates that force the calls that matter — including AI that affects people.

03

AI Policy

A responsible-AI policy your team will actually follow, covering human oversight, data, third-party tools and more.

04

Registers workbook

Three working items: AI & system inventory, a seeded risk register, and a combined Statement of Applicability.

Plus the teaching layer

An eight-part course walks you through the approach on a worked example — the templates on screen, the reasoning at each decision. We show you the how; the pack is where you do it for your own business.

Choose your level

Do it yourself, or do it with a check.

Foundations — Self-Serve

£450

For the team that wants the foundation and will build it themselves.

  • All four pack files (editable)
  • The eight-part course
  • Decision-gates & honesty self-check built in
  • Seeded risk register & pre-filled SoA
  • Lifetime access
Most popular

Foundations — Guided

£1,500

For the team that wants the foundation and an expert eye before it goes to a customer or funder.

  • Everything in Self-Serve
  • An online workshop with our team to review what you have implemented
  • Honest feedback on what’s real vs over-claimed
  • Your specific questions, answered directly
  • A clear “what to do next” for your situation

Need it done for you, or heading for certification? That’s the full ISO/IEC 42001 engagement →

Why it’s different

Most template packs sell you false assurance. We refuse to.

A document that claims a control you don’t run is worse than none — it fails the moment someone checks. The whole pack is built against the traps that catch small teams:

  • Copy-paste — keeping the template’s words instead of your truth
  • Over-claiming — marking things “done” because the form looked better
  • Set-and-forget — true the day you wrote it, stale ever since
  • Paper over practice — the document exists, the behaviour doesn’t

The honesty self-check (built in)

  • Did I replace every placeholder with my real situation?
  • Does each control I marked in place actually happen today?
  • Have I been honest about what I’m not doing yet?
  • If someone asked for evidence, could I show it?

If the answer is “no,” that’s fine — it just means the item is Planned, not done. Recording that honestly is the whole point.

Where the requirement bites first

Built for the sectors that get asked earliest.

// edtech

Education

Children's data and safeguarding — what schools and partners check before they'll pilot.

// health

Health data

The trust foundation clinical and enterprise partners look for before they sign.

// finance

Financial data

Customer and regulatory expectations around AI and sensitive data.

// mission

Mission & sensitive data

Donor due diligence and the duty to protect the people you serve.

If your AI & data governance does not stand up to your customer’s review or your funder’s due diligence, we’ll help you put it right.

Lead Implementer

ISO/IEC 42001 — trained (PECB)

Standards-table

Previously active in BSI & ISO/TC 307

Sakshi benchmark

AI behavioural evaluation

Real delivery

Fintech · health · education · mission

Questions

Before you buy

Does this make me compliant or certified?

No — and anyone who claims a £450 pack does is selling false comfort. This gives you a solid foundation based on best practices and recognised standards (ISO 27001 and ISO 42001) and the judgement to use it: enough to answer most customer and funder questions honestly, and the right base for ISO certification later if you need it.

Do I need to be technical or know the standards?

No. The course explains the two standards in plain English and the templates carry you through the decisions. It's built for founders and small teams with no compliance function.

I run a non-profit or mission organisation. Is this for me?

Yes — Track B is built for exactly this. Funders increasingly require evidence of governance and data protection in due diligence, and the pack gives a small, capacity-stretched org a proportionate way to meet that without a compliance team.

What's the difference between Self-Serve and Guided?

Self-Serve is the pack and course — you build the foundation yourself. Guided adds an online workshop with our team to review what you have implemented, with honest feedback on what's real, what's over-claimed, and what to do next. Pick Guided if you want an expert eye before it goes to a customer or funder.

What if I need it done with me?

Then the pack isn’t the right tool — the full done-with-you ISO/IEC 42001 engagement is. The foundation you build here is still the ideal starting point for it. See the ISO 42001 service →

Have the answer ready before they ask.

Build a solid AI & data governance foundation for your business, and stop losing deals and grants to a gap you can close.