TL;DR
A 90-day CISO playbook to stand up a working AI governance programme: 30 days discovery and shadow AI audit, 60 days policy and DLP baseline with audit logging, 90 days compliance mapping and tabletop. Anchored on NIST AI RMF 1.0 (NIST AI 100-1, January 2023). Updated 2026-05-20.
Why a 30/60/90 structure works for AI governance
A 30/60/90 structure works because it forces sequencing. The single most common failure mode in AI governance kickoff is parallel work on policy, DLP, training, and vendor management without first establishing the inventory the rest of the programme depends on. Without an inventory, every other artefact is hypothetical.
The structure below is anchored on the four functions of the NIST AI RMF (GOVERN, MAP, MEASURE, MANAGE) and is designed for a CISO at a 200 to 5,000-employee organisation in a regulated sector (financial services, healthcare, insurance, education, public sector). It assumes the CISO is the named accountable executive and has at least one full-time analyst plus part-time access to Legal, Privacy, IT, and HR. At Areebi, we have run this 90-day structure with mid-market customers many times, and the failure modes cluster heavily around skipping discovery rather than around weak policy drafting.
The 90 days are not meant to deliver "compliance complete". They are meant to take an organisation from a cold start to a defensible, working baseline: inventory live, policy published, enforcement on, incident path tested, and a documented gap-to-target roadmap for the following six to twelve months.
Days 1-30: Discovery and shadow AI audit
The single goal of the first 30 days is an inventory. Everything else - policy, DLP, training, vendor management - is optional until you have a defensible list of every AI system, vendor feature, and shadow tool in use across the organisation. The discovery work breaks into four streams.
Stream 1: Procurement and vendor inventory. Pull the full vendor list from procurement and the SaaS spend tracker. For each vendor, document whether AI features are present, whether they are on by default, and what data is flowing to them. Most enterprises discover that more than half of their AI exposure lives inside non-AI vendors - features quietly added to CRM, productivity, support, and analytics tools.
Stream 2: Network and identity telemetry. Mine the SSO, CASB, and proxy logs for traffic to known AI provider domains (the major LLM providers, image generation services, code assistants). Cross-reference with expense data. The gap between sanctioned tools and observed traffic is the shadow AI surface. The Areebi shadow AI guide covers the discovery mechanics in depth.
Stream 3: Self-report. A simple structured survey to managers and team leads asking which AI tools their team uses and for what purpose. Self-report alone is unreliable, but combined with streams 1 and 2 it surfaces use cases that telemetry misses (offline use, mobile, personal device usage of corporate data).
Stream 4: Use-case interviews. Targeted 30-minute interviews with the function leaders most likely to have material AI exposure (Engineering, Marketing, HR, Finance, Customer Support, Legal). These interviews tend to surface the highest-risk use cases that telemetry alone misses.
Day 30 deliverable: the AI Inventory v1. A single document or system listing every sanctioned and observed AI tool, vendor feature, and use case, with named owner, data classes involved, and a provisional risk tier (high, medium, low). This is the foundation everything else builds on.
Days 1-30 checklist
- Charter the AI Governance Committee. Name the executive sponsor (typically CISO), risk owner, technical owner, and legal lead.
- Pull the full procurement and SaaS vendor list. Tag every vendor by AI exposure (no AI, AI features off by default, AI features on by default, AI is the product).
- Mine SSO, CASB, and proxy logs for AI provider traffic. Build a frequency-by-user view.
- Run the manager self-report survey. Document the gap between self-report and telemetry.
- Conduct use-case interviews with at least six function leaders.
- Stand up the inventory. Provisional risk tier per system. Named owner per system.
- Draft a one-page status memo for the executive risk committee. Get the AI Governance Committee added as a standing item.
- Identify the top three "must-not-fail" use cases. These are the priority for policy and DLP work in days 31 to 60.
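The Stream 2 log mining and the checklist's frequency-by-user view, as an added example that is not Areebi's tooling or code from this page: it reads a constructed proxy-log export, matches destinations against an assumed list of AI provider domain suffixes, and reports the gap between the sanctioned tools in the inventory and the traffic actually observed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample: a proxy log export (user, destination host, bytes out).
# The hosts are placeholders standing in for real AI provider domains.
PROXY_LOG = """user,dest_host,bytes_out
alice,api.llm-provider.example,18220
alice,chat.llm-provider.example,2210
bob,images.gen-provider.example,90400
carol,docs.office-suite.example,1200
dave,code-assistant.example,5120
bob,api.llm-provider.example,760
"""

# Domain suffixes the organisation treats as AI providers (assumed list).
AI_PROVIDER_SUFFIXES = ("llm-provider.example", "gen-provider.example", "code-assistant.example")
# Providers approved in the AI Inventory v1 (assumed); everything else observed is shadow AI.
SANCTIONED_SUFFIXES = {"llm-provider.example"}


def provider_for(host):
    """Return the AI provider suffix a destination host belongs to, or None."""
    for suffix in AI_PROVIDER_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def shadow_ai_report(log_text):
    """Build the frequency-by-user view and the sanctioned-vs-observed gap."""
    by_user = defaultdict(Counter)   # user -> provider -> request count
    bytes_by_provider = Counter()    # provider -> bytes sent outbound
    for row in csv.DictReader(io.StringIO(log_text)):
        provider = provider_for(row["dest_host"])
        if provider is None:
            continue                 # not AI traffic; ignore
        by_user[row["user"]][provider] += 1
        bytes_by_provider[provider] += int(row["bytes_out"])
    shadow = sorted(set(bytes_by_provider) - SANCTIONED_SUFFIXES)
    shadow_users = sorted(u for u, c in by_user.items() if any(p in shadow for p in c))
    return {
        "by_user": {u: dict(c) for u, c in by_user.items()},
        "bytes_by_provider": dict(bytes_by_provider),
        "shadow_providers": shadow,
        "shadow_users": shadow_users,
    }


if __name__ == "__main__":
    report = shadow_ai_report(PROXY_LOG)
    for provider in report["shadow_providers"]:
        print(f"unsanctioned AI provider: {provider} "
              f"({report['bytes_by_provider'][provider]} bytes out)")
```

The same user-by-provider view, joined against the Stream 3 survey answers, is what exposes the gap between self-report and telemetry that the checklist asks you to document.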
Days 31-60: Policy, DLP, and audit baseline
The single goal of days 31 to 60 is enforced policy. The output is a published Acceptable Use Policy, with the machine-readable enforcement rules running at the prompt layer, and audit logging proving the rules are firing. This is the work that converts the inventory into a working control surface.
Policy first, then enforcement. Draft the Acceptable Use Policy as a short, readable document (target: under 10 pages, written for non-lawyers). The policy should name approved tools, prohibit specific actions (no PII to unsanctioned tools, no customer data in untrusted models, no production deployment without a documented impact assessment), define escalation paths, and assign accountability. Run the draft through Legal, Privacy, and HR review. Get committee approval before publication.
Then convert policy to enforcement. Each clause in the published policy should map to a specific enforcement rule. Some rules will be at the prompt layer (the Areebi policy engine blocks or redacts based on data class, user role, and destination provider). Others will be at the network or identity layer (CASB rules, conditional access policies, allowlists for sanctioned tools). The point is that every published clause has a documented enforcement mechanism, not a wish.
DLP baseline. The DLP work in this phase focuses on the prompt layer. The control objective: prevent specific data classes (PII, PHI, IP, financial data) from leaving the perimeter to any model regardless of which user or vendor is involved. The Areebi DLP controls classify content at the prompt and either block, redact, or rewrite based on policy. Get DLP live on the top three use cases identified at day 30, then expand from there.
Audit baseline. Every interaction logged with the model version, policy version, user, role, data classes detected, and the disposition (allowed, blocked, redacted). The audit log is what makes future incident response possible. Without it, you cannot reconstruct what happened. The Areebi audit log does this by default.
Day 60 deliverables. Published Acceptable Use Policy. Enforcement live on the top three use cases. DLP baseline in production. Audit log capturing every interaction. Training launched to all employees with the ability to deploy or use AI in workflows.
Days 31-60 checklist
- Draft the AI Acceptable Use Policy. Target under 10 pages. Plain language. Committee-approved.
- Map every published policy clause to a specific enforcement rule (prompt layer, network, identity).
- Deploy the prompt-layer policy engine on the top three use cases identified at day 30.
- Stand up DLP at the prompt layer for the priority data classes (PII, PHI, IP, financial).
- Enable audit logging by default. Verify every interaction captures model version, policy version, user, role, data class, disposition.
- Launch role-based training: general for all employees, deep dives for developers, data scientists, customer-facing staff.
- Update vendor onboarding to include the AI addendum (data, model provenance, residency, audit rights).
- Publish a quarterly AI risk report template. Run a first draft against the day-60 state.
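The policy-clause-to-enforcement-rule mapping, the prompt-layer DLP disposition (allow, redact, block) and the audit record described for days 31 to 60, as an added example that is not the Areebi policy engine or audit log: the clause ids, the detectors, the provider names and the policy version are assumed placeholders, and role is logged but not used in these rule conditions.

```python
import re
from datetime import datetime, timezone

POLICY_VERSION = "AUP-1.0"  # assumed identifier of the published Acceptable Use Policy

# Prompt-layer data-class detectors: constructed and deliberately narrow placeholders.
DETECTORS = {
    "PII": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),            # US SSN shape
    "FINANCIAL": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),  # 16-digit card shape
}

# Policy clause -> enforcement rule (assumed mapping); fires when the prompt carries
# the data class and the destination provider is not on the clause's allowlist.
RULES = [
    {"clause": "AUP-4.1", "data_class": "PII", "allowed_providers": {"sanctioned-llm"}, "action": "redact"},
    {"clause": "AUP-4.3", "data_class": "FINANCIAL", "allowed_providers": set(), "action": "block"},
]

# Fields every audit record must carry (the day-60 audit baseline).
REQUIRED_AUDIT_FIELDS = {"timestamp", "user", "role", "provider", "model_version",
                         "policy_version", "data_classes", "disposition", "clauses"}


def classify(prompt):
    """Return the sorted data classes detected in the prompt."""
    return sorted(name for name, rx in DETECTORS.items() if rx.search(prompt))


def redact(prompt, classes):
    """Replace each match of the given classes with a labelled placeholder."""
    for name in classes:
        prompt = DETECTORS[name].sub(f"[{name} REDACTED]", prompt)
    return prompt


def evaluate(prompt, user, role, provider, model_version):
    """Apply the rules; return (prompt to forward or None, audit record)."""
    classes = classify(prompt)
    fired = [r for r in RULES
             if r["data_class"] in classes and provider not in r["allowed_providers"]]
    if any(r["action"] == "block" for r in fired):
        disposition, outgoing = "blocked", None  # block outranks redact
    elif fired:
        disposition = "redacted"
        outgoing = redact(prompt, [r["data_class"] for r in fired])
    else:
        disposition, outgoing = "allowed", prompt
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(), "user": user,
        "role": role, "provider": provider, "model_version": model_version,
        "policy_version": POLICY_VERSION, "data_classes": classes,
        "disposition": disposition, "clauses": [r["clause"] for r in fired],
    }
    assert REQUIRED_AUDIT_FIELDS <= set(record)  # an incomplete record is a defect
    return outgoing, record
```

Because every record names the clauses that fired, the audit log doubles as the evidence that each published clause has a working enforcement mechanism.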
Days 61-90: Compliance mapping and tabletop
The single goal of days 61 to 90 is operational readiness. The output is a documented mapping of controls to the relevant regulatory frameworks, plus a tested incident response path proven through a tabletop exercise.
Compliance mapping. Map the controls now in place (policy, DLP, audit, vendor management, training) to the regulatory frameworks the organisation is subject to. For most US-based mid-market organisations the priority frameworks are NIST AI RMF (with AI 600-1 for GenAI), ISO/IEC 42001, and any applicable US state laws (Colorado AI Act, California SB-942). For EU-exposed organisations add the EU AI Act. The mapping is the artefact that audit, procurement, and regulators will request first.
Tabletop exercise. Run a structured tabletop with the AI Governance Committee, Legal, Privacy, IT Security, Communications, and the business unit owner of the affected use case. Pick a realistic scenario: a vendor model emits sensitive data to an external user, a prompt injection attack succeeds against a customer-facing assistant, a model drift incident causes an unexpected disparate impact pattern. Walk the response through detection, containment, communication, remediation, and post-incident review. Document the timing, the gaps, and the lessons learned.
Roadmap and handoff. Convert the gaps identified through tabletop and compliance mapping into a documented 6-12 month roadmap with named owners and target dates. Hand the roadmap to the AI Governance Committee for ongoing operation. The 90-day playbook ends; the operating model begins.
Day 90 deliverables. Compliance mapping artefact (controls-to-frameworks). Completed tabletop exercise with documented lessons. Six to twelve-month roadmap with named owners. AI Governance Committee operating in steady state with monthly cadence. Quarterly risk report ready for executive distribution.
Days 61-90 checklist
- Build the controls-to-frameworks mapping. Anchor on NIST AI RMF as the primary framework. Add ISO 42001, EU AI Act, and applicable state laws.
- Validate the mapping with Internal Audit and Legal. Get a sign-off on the framework selection.
- Design a realistic tabletop scenario. Avoid toy examples; pick a scenario representative of the organisation's actual exposure.
- Run the tabletop. Document timing, gaps, decision quality, and lessons learned.
- Convert tabletop findings and compliance gaps into a documented 6-12 month roadmap with named owners and target dates.
- Confirm the AI Governance Committee meeting cadence, agenda template, and minute-keeping discipline.
- Publish the first quarterly risk report. Confirm the audience and distribution path.
- Brief the executive risk committee on the day-90 state and the forward roadmap.
Phase summary at a glance
The summary table for the entire 90 days.
| Phase | Single goal | Primary deliverable | NIST AI RMF function |
|---|---|---|---|
| Days 1-30 | Inventory | AI Inventory v1 with named owners and provisional risk tiers | MAP (per-system context and categorisation) |
| Days 31-60 | Enforced policy | Published policy + enforcement at the prompt layer + audit logging | GOVERN (policy) + MANAGE (enforcement) |
| Days 61-90 | Operational readiness | Compliance mapping + tested incident response via tabletop | GOVERN + MEASURE + MANAGE (cross-cutting) |
The mapping back to NIST AI RMF functions is intentional. The 30/60/90 structure is a sequencing layer on top of NIST, not a replacement for it. The NIST AI RMF compliance hub walks through the framework in depth, and the GOVERN deep dive and MAP deep dive cover the two functions most relevant to days 1 through 60.
Common failure modes
Three failure modes show up repeatedly when CISOs run the 30/60/90.
Failure 1: Skipping discovery to "get to policy faster". The temptation to draft policy in week 1 is strong because policy feels concrete. Without an inventory, policy is hypothetical and enforcement is impossible. The fix is discipline: no policy work before the inventory is at v1.
Failure 2: Policy without enforcement. A published policy that exists only as a PDF is not GOVERN-compliant under NIST and is not defensible in audit. Every clause must map to a specific enforcement rule, and audit logs must prove the rules are firing. The fix is the policy-clause-to-enforcement-rule mapping done during days 31 to 60.
Failure 3: Tabletop as theatre. A scripted tabletop where everyone says the right thing in the right order produces no learning. The fix is to design the scenario for genuine ambiguity, time-box decisions, and require named individuals to make the actual calls under realistic time pressure. Lessons learned should produce concrete control deltas.
What to read next
Related Areebi resources for CISOs running the 30/60/90.
- Build an AI governance programme - the operating-model layer above the 30/60/90.
- NIST AI RMF implementation guide - the longer-form, 24-week implementation playbook.
- Shadow AI guide - the discovery mechanics for days 1 to 30.
- AI compliance checklist for enterprise - the artefact-level checklist that complements the phase checklists above.
- State of AI governance May 2026 roundup - the regulatory context for the compliance mapping in days 61 to 90.
Frequently Asked Questions
Is 90 days enough to stand up AI governance?
Not for full compliance, but enough for a defensible working baseline. By day 90 the organisation has an AI inventory, a published Acceptable Use Policy, enforcement live at the prompt layer for the highest-risk use cases, audit logging by default, a controls-to-frameworks mapping, and a tested incident response path. Full programme maturity (extending enforcement to every system, completing ISO 42001 certification, building out continuous monitoring at scale) typically takes 12 to 24 months on top of the 90-day baseline.
Who should own the 90-day playbook?
The CISO or Chief Risk Officer is the most common accountable executive. The day-to-day operating lead is typically a senior security or risk analyst with at least 50 percent dedicated time. The AI Governance Committee chartered in days 1 to 30 provides cross-functional input from Legal, Privacy, IT, HR, and the business units with material AI exposure. Federal agencies and large enterprises increasingly designate a Chief AI Officer (driven by OMB M-24-10 for federal); in those cases the CAIO runs the playbook with the CISO as a key delegate.
What is the most common failure mode?
Skipping discovery. The temptation to start with policy drafting in week 1 is strong because policy feels concrete and visible. Without an inventory at the end of days 1 to 30, every subsequent artefact is hypothetical and enforcement is impossible. The discipline that separates successful 90-day programmes from stalled ones is the willingness to spend the full first month on inventory before drafting a single policy clause.
Which framework should I map controls to?
NIST AI RMF (NIST AI 100-1, January 2023, with AI 600-1 for GenAI) is the primary anchor for most US-based mid-market and enterprise organisations because it is the framework most other regulatory frameworks reference. Add ISO/IEC 42001 if the organisation pursues management system certification. Add the EU AI Act if there is EU exposure. Add applicable US state laws (Colorado AI Act, California SB-942). For most organisations the priority order is NIST AI RMF first, ISO 42001 and EU AI Act second, state laws third.
Do I need a tabletop exercise in the first 90 days?
Yes. The tabletop in days 61 to 90 is the validation step that turns a paper programme into an operationally tested programme. Without a tabletop the first AI incident becomes a live discovery exercise rather than a rehearsed response. Pick a realistic scenario, include the cross-functional governance committee, time-box decisions, and document lessons learned. The lessons should produce concrete control deltas in the day-90 roadmap.
How does the 90-day playbook align with NIST AI RMF?
Days 1 to 30 (discovery and inventory) operationalise the MAP function (per-system context and risk categorisation). Days 31 to 60 (policy, DLP, audit) operationalise GOVERN (policy and accountability) and the beginning of MANAGE (enforcement). Days 61 to 90 (compliance mapping and tabletop) operationalise MEASURE (controls-to-frameworks evidence) and the rest of MANAGE (tested response). The 30/60/90 is a sequencing layer on top of NIST, not a replacement.
What documents prove the playbook was completed?
By day 90 the auditable evidence set includes: the AI Inventory with named owners and risk tiers; the AI Governance Committee charter and minutes; the published Acceptable Use Policy with version history; the policy-clause-to-enforcement-rule mapping; audit logs showing enforcement rules firing in production; vendor onboarding records with the AI addendum applied; training completion data by role; the controls-to-frameworks compliance mapping; the tabletop exercise report with lessons learned; and the 6-12 month forward roadmap with named owners and target dates.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.