That's a data breach, a client dispute, or an EU AI Act fine waiting to happen. Cautra gives you everything you need to use AI responsibly — policies, registers, risk assessments — ready to deploy in under a day.
The risk is real
Most small teams are using 5–10 AI tools with zero governance in place. Here's what that actually looks like.
Free-tier AI tools may use your inputs to train their models. If your team is pasting client briefs, NDAs or personal data into unapproved tools, you're potentially breaching confidentiality and GDPR in the same click.
Full EU AI Act enforcement landed August 2026. Fines reach €35M or 7% of global turnover. SMBs using AI tools without documented governance and staff training are already exposed — most just don't know it yet.
Due diligence questionnaires now include AI governance sections. Enterprise clients are asking suppliers to demonstrate AI risk controls before signing contracts. "We don't have a policy" is no longer an acceptable answer.
Free resource
Before you buy anything — use this free checklist to audit your team's current AI exposure. 12 yes/no questions. Takes five minutes. Shows you exactly where the gaps are.
Download the checklist — free · Get the full kit — $79
The kit
Built by a certified CISO. Written for real businesses, not compliance consultants. Every document is editable, branded, and ready to deploy.
A plain-English policy that tells your team exactly what AI tools they can use, what data they can enter, what's prohibited, and what to do if something goes wrong. Copy-and-paste into your employee handbook.
A pre-scored risk register covering 10 AI-specific risk categories — data leakage, hallucination, shadow AI, GDPR exposure, AI fraud, and more. Likelihood and impact scoring built in. Auditor-ready format.
A live inventory of every AI tool your team uses — approved status, data types processed, vendor hosting region, DPA status, and risk rating. The first document any auditor or investor will ask for.
A quick-reference guide that helps your team assess any new AI tool in under 30 minutes — data retention, training policies, DPA availability, hosting region, and free vs. paid tier risk differences.
A two-page brief for founders, directors and senior leaders. What they need to know about AI risk, what your governance framework covers, and what their responsibilities are under the EU AI Act.
Purchase once and the files are yours — no account to manage, no subscription, no access that expires. Download immediately after checkout and customise everything to fit your business.
Available at checkout — no separate purchase needed.
A step-by-step implementation guide for rolling out your AI policy across your team — including staff awareness session slides, a sign-off template, and a training log. Get everyone on the same page, fast.
Everything in the core kit, plus deeper governance coverage: AI Governance Policy, AI Tool Approval Checklist, Staff Security Awareness materials, Incident Response guidance, and extended NIST CSF 2.0 and CIS Controls v8 alignment mapping. For teams that want to go further than the essentials.
Made for you if…
Cautra is built for the people responsible for making AI work safely — without a dedicated CISO, compliance team or legal budget.
You've let the team adopt AI tools to move faster. Now a client is asking about your AI policy before signing, or your cyber insurer has flagged it at renewal.
It's fallen to you to "sort out the AI thing". You know the risk is real but you don't know where to start, and you don't have weeks to build it from scratch.
You're already managing the IT stack. AI governance is the new pressure point from clients, insurers and leadership — and you need something credible, fast, that doesn't require hiring a consultant.
Built to the right standards
Every document in the kit is aligned to recognised industry standards — so when someone asks, you can show them exactly what you're mapped to.
Controls mapped to the Govern, Identify, Protect, Detect, Respond, and Recover functions.
Aligned to CIS Controls 1, 2, 3, 14, and 17 — inventory, data protection, awareness and software management.
Addresses AI literacy obligations, transparency requirements, and the risk classification framework now in full force.
Addresses AI processing of personal data, lawful basis requirements, and vendor due diligence obligations under UK data protection law.
From the people using it
"We had an enterprise client ask about our AI governance before signing. I deployed the Cautra kit in one afternoon and sent them the policy the next morning. We won the contract."
"A client sent over a supplier security questionnaire with an AI governance section. I had the Cautra policy and risk register completed and back to them the same day. They were impressed — and we kept the contract."
Early adopter? We'd love to feature your story here.
Ready when you are
Instant download after purchase · Editable Word documents
Questions
No. Every document includes guidance notes explaining what to do with it, what to customise, and how to use it in practice. The Executive Guide also explains the context to leadership. You don't need a CISO — that's the point.
All documents are editable Microsoft Word (.docx) files. You can add your company logo, edit any section, and customise the content to fit your specific tools and team. They're also straightforward to convert to PDF once finalised.
Yes. The kit gives you a documented AI Acceptable Use Policy, a completed risk assessment, and a live tool register — which are the three things most client questionnaires and cyber insurance renewals ask for. The Pro Pack adds deeper governance documentation including an Incident Response guide and extended framework alignment for teams that face more demanding scrutiny.
Yes. The kit addresses the key obligations that apply to most small teams using AI tools: AI literacy requirements (in force since February 2025), documentation obligations, transparency requirements, and the risk classification framework now in full effect. For most SMBs using standard productivity AI tools — not developing high-risk AI systems — this kit puts you in a defensible position.
The standard licence covers one company. If you're an IT consultant, MSP or fractional ops lead looking to use the kit across multiple client implementations, the Pro Pack at checkout includes a practice licence for up to 5 clients.
For white-label reseller licences, email [email protected].