Module · Fast enough that nobody routes around you

The IT Team AI Check

IT is the team everyone blames for saying no and nobody thanks for saying yes safely. With AI, the stakes are sharper: if the sanctioned path is slow, people reach for a browser tab and a private account, and your data walks out with them. This module checks the five things that decide whether IT is the fast lane or the roadblock: how quickly you provision, whether there is a catalogue people can pick from, how much friction an access request carries, whether you can see the tools you never approved, and whether the AI tooling you do run is actually current.

Question 1 of 5 · Provisioning is fast

How long does it take your team to get someone a new AI tool they need?

Every day between a request and a working login is a day the person spends looking for a way around you. Provisioning speed is not a convenience metric, it is your single strongest defence against shadow AI: the fast sanctioned path is the one people actually take.

Question 2 of 5 · A tool catalogue exists

Is there a list of sanctioned AI tools your people can actually choose from?

Without a catalogue, every AI request is a bespoke negotiation and every employee guesses at what is allowed. A living list of approved tools, with what each is cleared for, turns a hundred one-off decisions into a menu people can pick from without asking.

Question 3 of 5 · Access has low friction

How much friction stands between someone wanting AI access and having it?

Every form, every approval hop, every wait is friction, and friction is what sends people to the unsanctioned tool. The goal is not to remove control but to make the controlled path the path of least resistance, so doing it right is also doing it easy.

Question 4 of 5 · Shadow IT is visible

Can you see the AI tools your people use that you never approved?

The tools you sanctioned are the ones you can name. The risk lives in the ones you cannot: the browser plugins, the personal accounts, the free tier someone signed up for with a work email. If you cannot see shadow AI, you cannot govern it, and you certainly cannot claim it is not there.

Question 5 of 5 · AI tooling stays current

Is the AI tooling you run kept patched and up to date?

AI tools move fast: models change, connectors update, security fixes ship weekly. Tooling you provisioned a year ago and never touched is running on old models with old vulnerabilities. Currency is not a nice-to-have when the thing has access to your data and a direct line to the internet.

For the statistics · one click each

Three questions for the public picture

These do not affect your score. They feed the anonymised, aggregated statistics; groups under 8 respondents are never shown.

How fast can your team provision a new sanctioned AI tool for someone?

Weeks or more
A few days
Same day
Minutes, self-serve
We have not measured

Do you maintain a catalogue of sanctioned AI tools?

No catalogue
Informal list
Yes, kept current
Curated, with guidance
Not our remit

How well can you see the unsanctioned AI tools in use?

We cannot see them
Anecdotes only
Periodic discovery
Continuous visibility
We do not know

Your context

Used to calibrate the report. Company size and sector remain in the anonymized dataset; your email does not.