Cybersecurity & Responsible AI Training

Use AI confidently without accidentally pasting your client list, financials or confidential documents into the digital void. For SMBs the right frame isn't NIST. It's clear standards your team will actually follow, written for the customers, board and auditors asking next quarter.

The problem

The pattern we keep seeing.

A leader bans ChatGPT after reading a Wired article. Six weeks later, three staff are running AI through personal phones, two have browser extensions IT hasn't audited, and the finance team is quietly pasting unpublished numbers into a free tool to summarise. The ban created shadow use. The shadow use created exposure. Nobody can answer 'what's our AI policy?' without flinching.

  • Your staff are already using AI. Not always where you can see it.

    Free ChatGPT accounts on personal laptops. Browser extensions IT didn't approve. Sensitive client data pasted in to summarise. The use is happening; the visibility isn't.

  • Banning the tools hasn't worked anywhere.

    Productivity drops, sceptics gloat, fluent staff use AI on their phones anyway. You need a policy that's respected, not avoided.

  • Vendor questionnaires are getting sharper.

    'Describe your AI use policy' now sits next to security and privacy in RFPs. Saying 'we don't have one' loses deals you didn't even know you were losing.

What it is

What is Cybersecurity & Responsible AI Training?

A practical training programme that gives your team the rules, the habits and the documentation to use AI safely, without banning the tools that are actually helping.

Edison AI delivers a practical responsible-AI training programme for Australian SMB teams. The standard engagement produces a written internal AI policy, an approved-tools register, a safe-prompting standard, a manager review protocol and a vendor questionnaire kit. Designed to satisfy customer questionnaires and board-level governance questions without banning the tools your team is already using productively. Typical engagement: 3–4 weeks, $10,000–$28,000 plus GST.

Why this matters now

The shifts you can't postpone.

Three reasons to set the standard this quarter rather than next.

  • 01

    Insurance and audit clauses are catching up.

    Cyber-insurance renewals are starting to ask about AI policy. Audit firms are adding AI to their standard checklists. The clause that didn't exist last renewal is in this one.

  • 02

    A single incident reshapes the conversation.

    One client data leak via a free AI tool is a board-level story. Quietly setting the standard now is cheaper than handling that meeting.

  • 03

    Customers are asking before they sign.

    Especially in finance, health, legal and government-adjacent sectors. The written policy is the deal-clearing artefact: the answer that, when missing, loses procurement cycles.

Deliverables

What you get.

  • 01

    Current-state AI use map (including shadow use)

  • 02

    One-page AI use policy (plain English, lawyer-reviewable)

  • 03

    Approved-tools register, mapped to your stack

  • 04

    Safe-prompting standard (redaction guide + examples)

  • 05

    Manager review and escalation protocol

  • 06

    Vendor questionnaire kit (written reusable answers)

By risk category

Where this shows up.

  • Client data

    Risk

    Pasting confidential briefs or PII into free AI tools to summarise or rewrite.

    Standard

    Redaction guide, an approved enterprise tool nominated for client data, an audit log expectation, and a one-line entry in the engagement letter.

    Example

    A lawyer drafting a client memo uses the approved enterprise tool only, with PII redacted from the prompt.

  • Financial data

    Risk

    Leaking unpublished financials into a public model when drafting commentary or board papers.

    Standard

    A number-masking convention, approved tools only, manager review of any AI-generated financial commentary before it leaves the room.

    Example

    A CFO drafts board commentary inside a private workspace with the prior month's figures pre-loaded.

  • HR / people data

    Risk

    Salary, performance reviews and sensitive personal information landing in tools that retain training data.

    Standard

    HR-data category in the register, restricted-tool list, two-person review for anything externally surfaced.

    Example

    A People lead drafts a performance letter only in the approved tool, with manager review before it sends.

  • Vendor IP

    Risk

    Third-party confidential material (NDA'd briefs, supplier contracts, partner roadmaps) entering public models.

    Standard

    NDA-aware handling, a written exclusion list, a quarterly spot-check.

    Example

    A consultant excludes NDA'd partner material from any AI prompt, per the written exclusion list.

  • Customer-facing AI

    Risk

    AI replies in your brand's voice generating misleading or non-compliant content.

    Standard

    Review-before-send rule, escalation path, weekly QA sampling.

    Example

    Support uses AI to draft replies; every external send goes through a human review gate first.

How we work

The engagement.

  1. Step 01

    Diagnose

    Map current and shadow AI use. Identify high-risk workflows. Interview a sample of staff across functions.

  2. Step 02

    Design

    Draft the policy, approved-tools register, prompting standard and review protocol. Iterate with leadership on tone, scope and what to include.

  3. Step 03

    Deploy

    Team training session(s). Manager review session. Documentation handover. Vendor questionnaire kit assembled.

  4. Step 04

    Embed

    Six-month review cadence. Vendor questionnaire updates. Optional fractional check-in for sectors with active regulatory change.

Outcomes

What changes.

  • A written AI use policy you can attach to RFPs.

    Removes one of the most common deal-blocking questions in 2026 procurement, usually by the next quarter's vendor questionnaire.

  • Shadow AI use mapped and replaced.

    The free-tool, personal-laptop pattern is named, addressed and replaced with an approved alternative, typically within four weeks.

  • A defensible answer for the board and the auditor.

    'We use AI. Here is our policy, our register and our review protocol.' Conversation closed in one meeting, not three.

Best fit

Who this works for.

This is for you if…

  • Your team is using AI and you don't have a written policy
  • You're seeing AI questions in vendor questionnaires or insurance renewals
  • You work with sensitive data (client, financial, HR, IP)
  • You've banned AI and adoption has gone underground
  • Your board has asked 'what's our AI position' and you don't yet have a one-pager
  • You want a policy your managers can govern, not one that sits in a SharePoint folder

Not the right fit yet if…

  • You have a sophisticated CISO and a mature AI governance team already in place
  • You're a public sector entity needing IRAP / PSPF-grade certification (we'll refer)
  • You want a 60-page binder rather than a one-page operating standard

Comparison

How this compares.

Five common ways teams try to address responsible AI. Only one ships an operating-grade standard the team can actually follow.

  • Ban AI outright

    Gives
    Simplest 'policy'
    Falls short
    Shadow use, lost productivity, sceptic gloating
    Edison difference
    Practical policy that staff can follow
  • Copy a template policy online

    Gives
    Fast and free
    Falls short
    Doesn't match your stack or data; legalistic
    Edison difference
    Plain English, mapped to your tools
  • Wait for IT to write one

    Gives
    'Free' (internal)
    Falls short
    Often technical, rarely operational
    Edison difference
    Operating-grade policy, not just a tech document
  • Pay a law firm

    Gives
    High-credibility document
    Falls short
    Expensive, legalese, not operational
    Edison difference
    Boutique consulting voice; lawyer-reviewed if needed
  • Big consultancy governance review

    Gives
    Comprehensive coverage
    Falls short
    Six figures, slow, junior handover
    Edison difference
    Fixed-fee, 3–4 week engagement
  • Edison AI

    Operator-grade, founder-led, fixed quote. Built around your real stack and workflows, not a binder, a brochure, or a six-figure off-the-shelf programme.

Objections

What buyers ask first.

  • We've banned AI. Isn't that enough?

    No. Shadow use continues on personal devices and personal accounts. The right answer is approved tools with clear rules. Bans push use into the places you can't see.

  • Will this slow our team down?

    No. Most teams find the policy quietly removes friction by making 'is this OK?' obvious in 10 seconds, a question that currently takes a Slack thread.

  • Is this a legal document?

    No. It's an operating document. We'll recommend a legal review only if your sector (finance, health, government-adjacent) requires it.

FAQ

Common questions.

  • What's the investment range for responsible AI training in Australia?

    $10,000–$28,000 plus GST depending on team size, sector and depth of policy work.

  • How long does it take?

    3–4 weeks end-to-end. Week 1 diagnostic, weeks 2–3 design, week 4 deploy and handover.

  • Do you replace our existing IT or cyber policies?

    No. We write the AI-specific layer, designed to sit alongside existing security and privacy policies, not duplicate them.

  • Are you lawyers?

    No, and the page makes that clear. We deliver an operating-grade policy. If your sector requires legal sign-off we'll partner with a lawyer or your existing counsel.

  • What tools do you recommend for safe AI use at work?

    It depends on your data, stack and existing licences. Common recommendations include Claude Teams, ChatGPT Enterprise, Microsoft Copilot and Google Gemini for Workspace.

  • Will this satisfy our customers' AI questionnaires?

    It will give you defensible written answers for the vast majority of mid-market and lower-enterprise vendor questionnaires.

  • How do I answer the AI question on a vendor questionnaire?

    We hand over a vendor questionnaire kit: written, reusable answers your team can paste into RFPs. It covers policy, approved tools, data handling and the manager review practice.

  • How is the policy kept current?

    A six-month review cadence is included. Models, tools and risks change; the standard updates with them.

Next step

Ready to scope Cybersecurity & Responsible AI Training?

A 20-minute call is enough to know whether this is the right fit and what a first engagement would cover.