AI Tool Register
A living register of the AI tools your comms team uses: what each is approved for, what data it may handle, who owns it and when it was last reviewed. The single source of truth your AI use policy points to.
What it is
The AI Tool Register is the inventory your AI use policy depends on. Rather than naming tools inside a policy where they quickly go out of date, you keep one live list: every AI tool the team uses, what it is approved for, what data it may handle, who owns it and when it was last reviewed.
Most comms teams do not actually know their full AI tool estate. People sign up for tools individually, free tiers proliferate, and a “shadow” set of tools grows that nobody has assessed. The register surfaces this. It is also the practical mechanism for handling new tools: someone wants to use something new, it gets assessed against your criteria, and it goes on the register as approved, trial or declined.
This is a maintenance document by nature. Its value is entirely in being current. A register last updated a year ago is a snapshot of a team that no longer exists.
When to use it
Use this template when:
- You are not certain which AI tools your team is actually using
- Your AI use policy needs a live list of approved tools to point to
- Someone wants to adopt a new tool and you need a consistent way to assess it
- Legal or IT has asked what AI tools touch your work and your data
Don’t use this template when:
- You are doing a deep evaluation of a single tool before adoption (use the AI Tool Evaluation Framework, then record the outcome here)
Inputs needed
- An honest sweep of tools in use, including free and personal accounts
- Each tool’s basic data posture (what it does with inputs, whether there is an admin or enterprise tier)
- The governance criteria you will assess tools against
- A named owner for the register, and an owner for each tool
The template
AI Tool Register
Organisation: [Name] Register owner: [Name and role] Last updated: [Date] Review cadence: [e.g. quarterly]
Approval status key
- Approved – assessed and cleared for the listed use cases and data levels
- Trial – in limited, supervised use while being assessed
- Restricted – permitted only for specific, narrow use
- Declined – assessed and not approved (record why, so it is not re-litigated)
The register
| Tool | Owner | Approved use cases | Data level permitted | Account / tier | Status | Last reviewed | Notes |
|---|---|---|---|---|---|---|---|
| [e.g. Claude] | [Role] | [Drafting, research synthesis] | [Non-confidential only] | [Team / enterprise] | Approved | [Date] | [e.g. enterprise tier, no training on inputs] |
| [e.g. ChatGPT] | [Role] | [Internal drafting] | [Non-confidential only] | [Free / Plus / Team] | [Status] | [Date] | |
| [e.g. Copilot] | [Role] | [] | [] | [] | [Status] | [Date] | |
| [Add rows] |
Governance notes per tool (for higher-risk or higher-use tools)
For your most-used or most-sensitive tools, record a short governance note. These map to the kinds of questions Legal and IT ask.
| Question | [Tool name] |
|---|---|
| What data is entered, and at what sensitivity? | |
| Does the provider train on your inputs? (and how to turn that off) | |
| Admin controls and access management in place? | |
| Is there an audit trail of use? | |
| Key risk notes or conditions of use |
New tool requests
The route for adding something new. Keeps shadow adoption visible.
| Requested tool | Requested by | Intended use | Assessed against criteria? | Decision | Date |
|---|---|---|---|---|---|
How to use this register
[A short note: that only tools with “Approved” or “Restricted” status may be used for work as set out here; that new tools must be requested and assessed, not adopted quietly; and that the register is the list referenced by the AI Use Policy.]
AI prompt
Base prompt
I'm building an AI tool register for a communications team. Help me structure it and pressure-test it.
Tools currently in use (including free and personal accounts I know about):
[LIST tools and roughly who uses them for what]
Our data sensitivity context:
[DESCRIBE the kinds of information the team handles]
Please:
1. Organise these into a clear register with: approved use cases, the data level each should be limited to, a sensible default approval status, and a governance note for the highest-risk ones
2. Flag any tool that, given our data context, should probably be Restricted or Declined and why
3. List the questions I should answer about each tool before marking it Approved
4. Suggest three to five governance criteria to assess any future tool against
Be conservative on data: where a tool's data handling is unclear, default to non-confidential use only.
Prompt variations
Variation 1: Surface shadow tools
Help me run a 'shadow AI' check for a comms team. List the categories of AI tool a comms team commonly adopts informally (writing, images, transcription, research, scheduling, etc.) and, for each, the questions I should ask the team to surface what they are actually using. I want to find the tools that never went through any approval.
Tips for better AI output:
- Be honest about free and personal-account use; that is usually where the real risk sits
- Default to the cautious data level when a provider’s terms are unclear
- Use the AI Tool Evaluation Framework for a proper assessment, then record the result here
Human review checklist
- Complete: the register reflects tools actually in use, including free and personal accounts, not just the official ones
- Data levels set: every tool has a clear permitted data level, defaulting to cautious where unsure
- Status is current: approval statuses reflect a real, recent assessment
- Owners assigned: the register has an owner, and each tool has one
- Provider data handling checked: for key tools, whether the provider trains on inputs (and how to disable it) is recorded
- New-tool route works: there is a visible way to request and assess new tools
- Declined decisions captured: tools that were assessed and declined are recorded with a reason
- Referenced by the policy: the AI Use Policy points to this register as its approved-tools list
Example output
AI Tool Register, Meridian Comms (illustrative extract)
| Tool | Approved use | Data level | Status | Last reviewed |
|---|---|---|---|---|
| Claude (Team) | Drafting, research synthesis | Non-confidential | Approved | Jun 2026 |
| ChatGPT (Free) | Personal upskilling only | None (no work data) | Restricted | Jun 2026 |
| Otter.ai | Internal meeting notes | Internal, no client data | Trial | Jun 2026 |
| [Free image tool] | — | — | Declined | Jun 2026 (unclear rights/data terms) |
Note: illustrative extract. Your register will reflect your own tools and data context.
Related templates
- AI Use Policy (Living) - The policy that points to this register as its approved-tools list
- AI Tool Evaluation Framework - Assess a tool properly before recording the outcome here
- AI Use Review & Risk Log - Review the register on cadence and log tool-related issues
- AI Use Principles - The stance the register’s data and approval decisions reflect
Want your tool estate assessed and kept current? Manage Comms With AI maintains your AI tool register as part of an ongoing governance retainer.
Related templates
Need this implemented in your organisation?
Faur helps communications teams build frameworks, train teams, and embed consistent practices across channels.
Get in touch ↗