Writing an AI Tool Procurement Policy for a Growing Team

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-tools-AI-tool-procurement-policy-creators

1. A team implements an AI tool procurement policy. What is the primary goal of this type of policy?

   1. To require every single AI tool to go through a full legal review before use
   2. To ban all AI tools from being used by the team
   3. To completely eliminate all security risks from AI tools
   4. To make the secure way of using AI tools faster than finding workarounds

2. In a three-tier AI tool approval system, which tier represents tools that can be used freely without any review?

   1. There is no tier that allows completely free use
   2. Tier 2 - approved with data class limits
   3. Tier 1 - pre-approved list
   4. Tier 3 - requires 1-page security review

3. What does the term 'shadow AI' refer to in the context of team tool management?

   1. AI tools that have been rejected by the security team
   2. AI tools that are免费 but lack enterprise support
   3. AI tools purchased and used by individual team members without organizational approval
   4. AI tools that have been officially approved but are rarely used

4. A company is defining 'data classes that may not enter any third-party AI tool.' What is the purpose of categorizing data this way?

   1. To allow all employees to see which AI tools are approved for use
   2. To prevent sensitive or regulated data from being exposed to external AI vendors
   3. To reduce the number of tools that need formal security reviews
   4. To ensure all company data gets processed by AI tools faster

5. What is required for a new AI tool to move from Tier 3 to being approved for team use?

   1. An unlimited budget allocation for the tool
   2. A full implementation audit lasting several weeks
   3. A 1-page security review by security and legal teams, targeting a 5-day turnaround
   4. A verbal approval from a team lead

6. A student says, 'We should make our AI tool approval process take 30 days so everyone is afraid to try.' Why is this approach counterproductive?

   1. Thirty days is too fast and would encourage reckless tool adoption
   2. The goal is to make the safe path faster than finding workarounds; a slow process drives people to shadow AI
   3. Thirty days is actually a reasonable timeframe for approval
   4. Fear-based policies always work better in the long run

7. In vendor management for AI tools, what responsibility cannot be delegated to the procurement policy itself?

   1. Tracking which vendors are used across teams
   2. Maintaining a list of pre-approved tools
   3. Setting budget limits per team
   4. Reviewing each vendor's specific data processing practices

8. Why does the lesson recommend tracking per-team AI spend?

   1. To determine which teams should be laid off first
   2. To calculate employee performance ratings
   3. To ensure cost surprises don't compound across the organization
   4. To identify which teams are using the most electricity

9. What distinguishes Tier 2 tools from Tier 1 tools in the approval system?

   1. Tier 2 tools can be used but have named restrictions based on data classes
   2. Tier 2 tools require a full 30-day security audit
   3. Tier 2 tools require paying a higher subscription fee
   4. Tier 2 tools are banned entirely

10. When a team wants to use a brand new AI tool not on any approved list, who must review it according to the policy framework?

    1. Security team and legal team together
    2. A single IT administrator
    3. Only the requesting team's manager
    4. The entire company board

11. What is the target Service Level Agreement (SLA) time for approving a new Tier 3 AI tool?

    1. 30 days
    2. 5 business days
    3. One year
    4. Same-day approval

12. A policy that requires every AI tool to undergo a full legal and security audit before any use would likely result in which outcome?

    1. Increased adoption of approved tools
    2. Massive shadow AI usage as teams avoid the slow process
    3. More budget available for other projects
    4. Lower overall security since no tools get reviewed

13. The lesson states that even with a perfect procurement policy in place, some shadow AI usage will continue to exist. What is the primary reason for this limitation?

    1. AI tools are too expensive for most teams
    2. Preventing it entirely would require invasive monitoring that is worse than the problem
    3. Employees intentionally want to violate rules
    4. All AI tools are equally secure by default

14. A company skips per-vendor data processing reviews and only uses the tiered approval system. What risk does this create?

    1. Sensitive data might be processed by vendors in ways that violate privacy regulations
    2. Employees will use fewer tools
    3. The tools will be approved faster
    4. The budget tracking will be more accurate

15. What is the main value of maintaining a pre-approved list of AI tools (Tier 1)?

    1. It creates a sense of hierarchy among team members
    2. It allows most needs to be met without requiring any review process
    3. It proves that the company has unlimited budget for tools
    4. It satisfies legal requirements for all future tool purchases