Rule 52 guide
AI risk register and tool inventory for teams moving past informal AI use. Once AI use becomes recurring, teams need records: what tools exist, what data is involved, who reviews output, and which use cases are approved.
A policy tells people the rules. A register and inventory show whether the organization can actually track AI use. That matters when tools touch client work, confidential data, employee records, public claims, or leadership decisions.
What to track
What to track
- Tool name, owner, users, and account type.
- Primary use cases and output types.
- Sensitive data categories involved.
- Human reviewer and approval owner.
- Risk level, controls, status, and next review date.
- Incidents, exceptions, denials, and corrective actions.
Why this matters
Why this matters
- Without an inventory, leadership may not know which AI tools are in use. Without a risk register, it is hard to prioritize controls. Without an exception log, repeated issues disappear into chat history and memory.
How Rule 52 helps
How Rule 52 helps
- The Pro Pack generates CSV records for AI risk register, tool inventory, and incident/exception log, along with policy, staff rules, approval forms, review checklists, manager FAQ, leadership memo, and use-case intake materials.
Recommended next step
Generate the documents, then review and adopt them.
Rule 52 creates editable business-control materials for AI use. It does not replace legal, cybersecurity, privacy, clinical, tax, or compliance review. Regulated or high-risk organizations should have qualified professionals review before adoption.