This control plane turns employee AI policy and review data into one buyer-readable surface: missing acceptable-use evidence, training-readiness drift, exception blockers, and the exact packet sequence needed before a workforce AI policy or elevated-access exception program goes broad.
| Gap | Owner | Subject | Principal | Message |
|---|---|---|---|---|
| high acceptable-use-gap |
Security Awareness Governance | AI acceptable-use refresh AUP-1008 Entra + LMS + Intranet |
— | AI acceptable-use refresh still has open acceptable-use debt against the enterprise-ai-policy packet packet. |
| high acceptable-use-gap |
Identity Governance | Privileged-user AI exception program AUP-3112 CyberArk + Entra + Intranet |
— | Privileged-user AI exception program still has open acceptable-use debt against the exception-approval packet packet. |
| high missing-policy-attestation |
Security Awareness Governance | AI acceptable-use refresh PolicyEvidence Enterprise acceptable-use evidence |
ai-aup-v3 | Policy evidence still does not reconcile legal language, manager guidance, and employee-facing acceptable-use text. |
| high stale-open-packet |
Security Awareness Governance | PolicyEvidence Enterprise acceptable-use evidence |
ai-aup-v3 | PolicyEvidence evidence has been open longer than the employee AI policy review SLA. |
| high missing-exception-approval |
Identity Governance | Privileged-user AI exception program Exception Privileged-user exception handling |
ai-exception-admins | Exception safeguards are incomplete for privileged-user AI access; the expansion could ship before exception criteria and approvals are locked. |
| high stale-open-packet |
Identity Governance | Exception Privileged-user exception handling |
ai-exception-admins | Exception evidence has been open longer than the employee AI policy review SLA. |
| high missing-exception-approval |
Identity Governance | Privileged-user AI exception program Approval Exception approval chain |
ai-exception-approval | The privileged-user exception rollout still lacks one owner-safe approval chain for security, HR, and platform governance. |
| high high-severity-unassigned |
HR + Security Enablement | Approval Exception approval chain |
— | A high-severity employee AI policy packet is still unassigned. |
| high stale-open-packet |
HR + Security Enablement | Approval Exception approval chain |
ai-exception-approval | Approval evidence has been open longer than the employee AI policy review SLA. |
| medium workflow-gap |
Security Awareness Governance | AI acceptable-use refresh AUP-1008 Entra + LMS + Intranet |
— | Owner-safe routing is degraded; policy, training, exception, and manager review are still split across teams. |
| medium missing-policy-attestation |
Identity Governance | Privileged-user AI exception program AUP-3112 CyberArk + Entra + Intranet |
— | The rollout is in exception flow but does not currently show a clean acceptable-use evidence packet in the review queue. |
| medium workflow-gap |
Identity Governance | Privileged-user AI exception program AUP-3112 CyberArk + Entra + Intranet |
— | Owner-safe routing is degraded; policy, training, exception, and manager review are still split across teams. |
| medium missing-training-readiness |
Learning Operations | AI acceptable-use refresh Training Training completion readiness |
ai-training-wave-1 | The launch packet still lacks one consolidated training-readiness artifact for the employee-facing acceptable-use rollout. |
| medium stale-open-packet |
Learning Operations | Training Training completion readiness |
ai-training-wave-1 | Training evidence has been open longer than the employee AI policy review SLA. |