The Manager's Specific Responsibilities

This is a member-only chapter. Log in with your Signal Over Noise membership email to continue.

Module 5 · Section 6 of 7

The Manager’s Specific Responsibilities

If you manage people who use AI tools, your responsibilities beyond the policy itself:

Model the behaviour. If you are openly using consumer ChatGPT to process client materials while telling your team not to, the policy is decorative. What you do visibly sets norms more effectively than what you write.

Remove the friction from the safe option. If using the approved enterprise tool requires three extra steps, a separate login, and a slower interface, people will use the convenient one. Reducing friction on the approved path is infrastructure work, but it directly drives compliance.

Have the conversation when something goes wrong. The instinct when a team member reports a potential data mistake is to address the mistake and move on. The conversation about why it happened — what they were trying to accomplish, what made the risky option seem reasonable — is more valuable for preventing the next one.

Stay current. The threat landscape has shifted every six months for the past two years. A policy written in early 2023 is probably missing attack types that emerged later. A review once or twice a year, using the framework in Module 2 as a reference, is realistic and sufficient.

Previous A Minimal Workable Policy

Next The Harder Conversation