AI Business Readiness Assessment

Is your business
ready for AI?

Before your team starts using AI tools with company data, it's worth knowing where you stand. Our assessment tells you exactly what's in place, what's missing, and what to do next — in plain English.

Book your assessment See what's included

£725 + VAT for up to 20 people — £1,250 + VAT for 21–50. Fixed price, full written report.

AI Readiness Scorecard
  • Security Controls30%
  • Data Protection & GDPR25%
  • Data Access & Governance20%
  • Policies & Procedures15%
  • User Awareness10%
Overall readiness rating
Ready
Mostly Ready
Significant Gaps
Not Ready
The problem

Most businesses are already using AI. Few know if they should be.

ChatGPT, Microsoft Copilot, AI writing tools — your team is probably using at least one of them. Maybe with your blessing, maybe not.

That's not unusual. What matters is whether the basics are in place before company data starts flowing through those tools. GDPR obligations, security controls, access permissions — the rules don't bend because the technology is new.

Our assessment gives you a clear picture of where you stand, and a practical plan to close any gaps — before they become problems.

  • Shadow AI you don't know about Staff using personal AI accounts with company data — outside your policies, outside your control, potentially outside GDPR.
  • Oversharing through Microsoft 365 Copilot and similar tools surface information based on permissions. If those permissions are loose, AI makes oversharing easier, not harder to spot.
  • No policy to point to Without an AI acceptable use policy, you have no baseline for what's allowed — and no defensible position if something goes wrong.
  • Rushing into tools before you're ready Buying Copilot licences without the right foundations in place rarely delivers value. It usually just adds complexity and cost.
What you get

A complete picture, delivered in two days.

Two consultant days. A written report. A practical plan. Everything you need to make confident decisions about AI in your business — without the jargon.

AI Readiness Report An executive summary written for business leaders, not technical teams. Clear findings, your overall readiness score, and the key risks explained in plain English.
Prioritised Action Plan Every recommendation categorised by priority — high, medium, low — with estimated effort and business impact, so you know where to focus first.
Technical Findings A detailed technical report covering security, data protection, Microsoft 365 configuration and governance — for your IT team or IT provider to act on.
AI Acceptable Use Policy A ready-to-use policy template covering what staff can and can't do with AI tools — tailored to your business and ready to adopt or adapt.
AI Governance Policy A governance framework for how AI decisions get made in your business — approval processes, supplier controls, and accountability structures included.
AI Risk Register Template A working risk register to capture and manage the AI-related risks we identify — ready for ongoing use by your team or management board.

What the assessment covers

Security baseline MFA, admin accounts, password policies, endpoint protection, patch management and email security — assessed against what's needed for safe AI use.
Data protection & GDPR How personal data is handled, classified, stored and shared — and whether current practices hold up when AI tools enter the picture.
Microsoft 365 & data access SharePoint permissions, OneDrive usage, Teams access, external sharing and guest access — identifying where AI could expose data beyond intended audiences.
Existing policies & procedures Information security, data protection, acceptable use, remote working, document retention and supplier management policies reviewed for AI readiness.
Governance & shadow AI Current AI usage across the business, shadow AI risks, staff awareness, governance gaps and supplier controls — the human side of the picture.
Your AI readiness score A weighted score across all five areas, giving you a clear overall rating: Ready, Mostly Ready, Significant Gaps, or Not Ready.
How it works

Ten steps. Two days. One clear outcome.

The assessment is a fixed-scope engagement delivered across two consultant days. Here's what happens, in order.

1
Discovery meetingWe sit down with the right people in your business to understand how AI is currently being used, what you're planning, and what concerns you have.
2
Documentation collectionWe gather your existing policies and procedures — information security, data protection, acceptable use, and anything else relevant.
3
Security reviewA technical review of your security baseline — authentication, endpoint protection, patching, email security and backup — against what's needed for safe AI adoption.
4
Data protection & GDPR reviewWe assess how personal data is handled today and where AI tools could create new GDPR obligations or risks.
5
Microsoft 365 & access reviewWe check SharePoint, OneDrive, Teams and guest access settings — identifying where AI tools could expose data beyond intended audiences.
6
Governance & policy reviewWe look at how AI decisions are currently made (or not), identify shadow AI usage, and assess whether your governance arrangements are fit for purpose.
7
AI readiness scoringWe score your business across all five assessment areas and calculate your overall AI readiness rating.
8
Findings workshopBefore the final report, we walk through the key findings with you. A chance to ask questions, add context, and understand what we've found.
9
Report productionWe produce the full written report — executive summary, technical findings, scorecard, policy templates and prioritised action plan.
10
Final presentation & deliveryWe present the findings and hand over the full report. You leave with everything you need to act on the recommendations.

What isn't included

The assessment identifies risks and recommendations. It doesn't implement them. Any remediation or project work identified during the assessment will be scoped and quoted separately.

  • AI implementation or Copilot rollout
  • Security configuration changes or tenant hardening
  • Permission remediation or SharePoint restructuring
  • Legal advice or GDPR compliance certification
  • Formal regulatory audits or DPO services
  • User training programmes

What we'll need from you

The assessment runs smoothly when the right people are available and access is in place ahead of time. Here's what we'll ask for:

  • Access to relevant stakeholders for discovery interviews
  • Copies of existing policies and documentation
  • Microsoft 365 administrative access
  • Attendance at the findings workshop
  • Honest information about current AI usage — including unofficial use
Pricing

Fixed price.
No surprises.

The AI Business Readiness Assessment is a fixed-scope engagement. You know exactly what you're getting and exactly what it costs before we start. No hourly billing, no scope creep, no surprises.

If you go on to become an ISS managed IT customer within 90 days of your assessment, the full assessment fee is credited against your first three months of service.
Fixed assessment price
£725
+ VAT — up to 20 people
£1,250 + VAT — 21 to 50 people
  • Discovery & stakeholder interviews
  • Security & Microsoft 365 review
  • Data protection & GDPR assessment
  • Governance & shadow AI review
  • AI readiness scorecard
  • Executive summary & technical report
  • Prioritised remediation roadmap
  • AI Acceptable Use Policy template
  • AI Governance Policy template
  • AI Risk Register template
  • Findings workshop & final presentation
Book your assessment

Pricing based on number of people in your business. Get in touch to confirm the right price for you.

01483 268477  |  info@iss-it.co.uk

Book an Introductory Call
Remote Support
Portal Login

Scroll to Top