A fixed-price, fixed-scope service that establishes your AI governance framework, deploys Microsoft Purview controls, and delivers quarterly governance reporting your board can sign off on. Covers every AI vendor in your environment — not just Microsoft.
Every Bundle includes the same five fixed deliverables. We don't sell tiers and we don't lock features behind premium pricing. The work is the work.
Every AI tool in use across your business — Claude, Copilot, ChatGPT, Gemini, Perplexity, whatever's there. Who's using it, what data flows through it, what risk it creates.
Drafted for your industry and your regulator (TPB, ASIC, APRA, AHPRA, Law Society — whichever applies). One page, plain English, ready for legal sign-off.
Sensitivity labels, DLP rules, Essential Eight alignment. Tool-level guardrails configured for whichever AI vendors are in your environment — Claude, Copilot, and cross-vendor overlays for the rest.
ISO 42001 + Voluntary AI Safety Standard + your industry-specific regulator. The document your board will be asked to evidence when an audit lands.
Board-ready, signed off by Evisent senior, every quarter. Traffic-light status across Inventory, Policy, Controls, and Reporting. The single artefact that proves the ongoing fee is being earned.
The Bundle's setup phase is sequenced. Each week has a defined goal, a defined output, and a defined gate to the next week. You always know where we are.
Tenant access, stakeholder map, condensed Discovery (if no Sprint completed).
AI Governance Framework drafted, mapped to ISO 42001 + your regulator. Stakeholder review.
Microsoft Purview deployment / refinement. Cross-vendor governance overlays applied.
AUP rolled out, staff training delivered, AI inventory published. First monthly report generated.
AI changes monthly. So does your team's use of it. The ongoing fee covers the cadence of review and refinement that keeps your governance posture current.
Most governance work produces documents nobody reads. The Quarterly Report is built backwards from the one-page traffic-light summary a board chair will actually open.
Every other AI consultant starts a discovery call with "that depends." We publish the price and the deliverable. You can decide if we're worth booking before you book the call.
AI governance is the set of policies, controls and oversight a business puts around how it uses AI — who can use which tools, on what data, with what review. Most Australian businesses already have shadow AI (staff using ChatGPT, Claude, Copilot, Gemini) without a policy. The exposure is data leakage, IP loss, regulatory breach, and decisions made on unverified AI output. Governance is the structural fix.
A complete governance foundation: AI Acceptable Use Policy, risk register, vendor assessment process, board reporting templates, staff training collateral, and quarterly review cadence. Built on ISO 42001 principles and mapped to Australian regulators (Privacy Act, APRA CPS 230 where applicable). Delivered as editable artefacts that vest with you.
Yes. The Bundle is mapped to ISO/IEC 42001:2023 (the international AI Management System standard). If your business plans to pursue certification, the Bundle gives you a working management system that is already aligned. If certification is not on your roadmap, the Bundle still gives you the operating discipline of one.
There is no AI-specific Australian statute yet, but several existing obligations apply when AI is used. APRA CPS 230 (operational risk management) covers material service providers — increasingly that includes AI vendors. The Privacy Act applies whenever personal information goes through an AI system. ASIC has signalled directors duties extend to AI oversight. Sector regulators (TGA, ACMA, AHPRA) each have their own positions. The Bundle maps the obligations that apply to your industry specifically.
Yes. AI raises issues that traditional infosec policies do not address: model output reliability, training-data leakage, prompt injection, vendor data residency for AI providers, and accountability when AI gets a decision wrong. The Bundle complements your existing security policies rather than replacing them.
Typically 4–6 weeks end-to-end. Most clients run the 2-week Sprint first to establish their foundation, then move into the Bundle. The Sprint cost credits against the Bundle if you choose to proceed.
Most Bundle clients start with a 2-week AI Readiness Sprint to size the work first. From $4,950 + GST, it gives you the discovery, AUP draft, and board summary — and a clear shape for the ongoing governance work.