Proxaradocs
Guides/Reference

The AI Policy Blueprint

The free service: an instant snapshot of where a firm stands, and a human-written AI policy mapped to NIST AI RMF and ISO 42001, delivered within 24 hours.

Updated July 2026

The AI Policy Blueprint is a free service for firms that need an AI policy, or want to know where they stand before writing one. It has two parts: an instant snapshot that runs on screen in about three minutes, and a concierge policy written for the firm by a person and delivered within 24 hours. Both are free for companies in the US and UK.

The instant snapshot

The snapshot asks a short set of questions across eight areas: the policy itself, the data that can enter AI tools, approved tools, visibility into AI use, human oversight, vendors and agentic AI, records and evidence, and training and response. The result is computed from the answers, not AI-generated, and it renders on screen with no account. An email is optional; it sends the full PDF report, and nothing is withheld without it.

What comes back:

  • The rules that apply to the firm, pulled from where it operates, its sector, and the data its AI tools touch.
  • Coverage of the NIST AI RMF across its four functions: Govern, Map, Measure, and Manage.
  • The ISO 27001 to ISO 42001 map: which security controls already in place carry into an AI management system, what ISO 42001 adds for AI, and what stays security-only.
  • Where each of the eight areas stands, and practical next steps for the area that needs attention first.

The 24-hour concierge policy

The second door is for firms that want the policy itself. A compliance professional reads the intake and writes an AI governance policy for the firm, its sector, and where it operates, then sends it within 24 hours. It is human-built, not generated from a template, and it is free. The service is provided by Proxara cofounder Hemanth Tadepalli, a cybersecurity and compliance practitioner whose work spans Mandiant, Google, and May Mobility, with an M.S. in Cybersecurity from UC Berkeley.

The policy is aligned to NIST AI RMF and ISO 42001, with a regulatory cross-walk for the sector and a one-page quick-card a team can actually use. It runs from purpose, scope, and roles (with a named accountable owner) through approved and prohibited tools, data classification, human oversight, vendor and agentic AI, monitoring and records, incident handling, training, and enforcement. Appendices include an approved-tool register, a data-handling matrix, and an employee quick-card. The firm's counsel reviews and ratifies it before it becomes firm policy.

The frameworks it maps to

  • NIST AI RMF 1.0. A voluntary framework, not a certification. The snapshot shows how a firm's answers cover its four functions.
  • ISO/IEC 42001:2023. The AI management standard, mapped control by control against ISO/IEC 27001:2022. The full cross-walk is downloadable as a spreadsheet or a PDF.
  • The rules that reach the firm. US federal and sector rules (SEC, FINRA, HIPAA, IRS Section 7216, ABA guidance, the NAIC model bulletin), state overlays for California, Colorado, Illinois, New York, Texas, and Utah, the EU AI Act where AI output is used in the EU, and the UK stack (UK GDPR, the DSIT principles, FCA and SRA expectations).

How to get it

Open the AI Policy Blueprint and pick a door: run the snapshot, or request the written policy directly. No card, no account, no obligation. It is a planning tool, not a compliance audit, legal advice, or a certification.