■Concerns like these - The use of AI within the company is expanding, and there is a lack of control. - There are concerns about handling confidential and personal information. - There is fear of customer service incidents due to AI's incorrect responses. - The handling of copyright, citations, and training data is ambiguous. - The division of responsibility in the event of an incident has not been established. ■Provided Content (Details) - 1) Definition of the scope of application (first, confirm the "target") - 2) Information classification and handling (most important) - 3) Prohibited and mandatory items (prevent incidents before they occur) - 4) Division of responsibility (determine the "responsible person" for AI) - 5) Logs and audits (document "what happened") - 6) Incident response (establish procedures for when incidents occur) - 7) Education and establishment (rules that cannot be followed are meaningless) - 8) Updates and improvements (AI changes, so "revision is assumed") ■Deliverables - AI operation policy document (scope of application, information classification, prohibited/mandatory items, division of responsibility) - Usage-specific guides (sales/customer service/technology/recruitment/marketing, etc.) - External communication rules (approval flow, checklist items) - Log and audit design (items, permissions, storage, audit procedures) - Incident response procedures (initial response, reporting, recurrence prevention) - Educational materials (cheat sheets, case studies, training slide drafts) - Revision rules - KPI design

■2 million to 12 million yen (varies by number of departments and scope) - Light (policy text + minimum prohibitions/requirements + responsibility boundaries): 2 to 3.5 million yen - Standard (usage-specific guidelines, audits/logs, incident procedures, etc.): 3.5 to 7 million yen - Expanded (multiple departments, external AI, education/support for establishment, ongoing improvements): 7 to 12 million yen *Estimate required

Shortest 3-5 weeks / Standard 2-3 months

■Purpose - Safe governance of AI usage (confidentiality/personal information/misanswer countermeasures) - Clarification of responsibility boundaries (continuous operation) - Prevention of external communication accidents (approval/review) - Auditable system (logs/evidence) - Education and establishment (granularity that can be adhered to on-site) ■Examples of Achievements - On-site unauthorized AI usage → Control through information classification and prohibitions - Fear of external AI → Safe operation with guardrails + audits + incident procedures - Rules becoming mere formalities → Improved compliance rates through cheat sheets and education ■Approach 1. Current situation assessment: Organize AI usage scenarios, target data, and whether there is external communication 2. Risk inventory: Confirm accident patterns and prohibited areas 3. Policy formulation: Document information classification, responsibility boundaries, and approval/audit processes 4. Exception design: Strengthened rules for automated responses and external communications 5. Education design: Create cheat sheets and example collections for on-site use 6. Start operation: Establish an audit and revision cycle