Your business uses AI. Prove you use it responsibly.

Sooner or later, a prime, a contracting officer, or a client will ask. RefugiumData makes sure you have a real answer: written policies, a vetted tool stack, and evidence that holds up.

Why now

The questions are already in the solicitations.

AI questions now appear where your revenue lives — proposal evaluation criteria, prime flow-downs, teaming due diligence, client contracts. “We’re careful with ChatGPT” is not an answer. A one-page policy, a documented review process, and a vetted tool stack is.

You don’t need an AI governance department. You need a defensible baseline — built once, maintained deliberately — so AI stays an advantage instead of an exposure.

How it works

Assess. Establish. Maintain.

Step 1

Assess

We map how AI is actually used in your business — not how the policy binder says it is — and locate the risk.

Step 2

Establish

We build your baseline: acceptable use policy, client disclosures, security plan, vendor vetting.

Step 3

Maintain

We keep it current as tools change, rules change, and contracts start asking harder questions.

Fixed-scope packages

Fixed scope. Fixed price. No meter running.

Assess

AI Readiness & Risk Assessment

$4,500

Know where you stand before someone else tells you.

  • Structured intake and AI usage mapping
  • Risk review of every AI tool your team touches
  • Gap findings with a prioritized roadmap

50% credits toward the Starter Package within 60 days

Establish

AI Governance Starter Package

$6,500

Your baseline, in writing, in weeks.

  • AI Acceptable Use Policy — one page, plain language, no legalese
  • Client-facing AI disclosure notice
  • Written information security plan covering AI and PII
  • Vendor risk summary for your full tool stack
  • One live training session for your team
Establish

Framework Gap Analysis

from $9,500

For firms that answer to a framework.

  • NIST AI RMF or ISO/IEC 42001 alignment review
  • Gap register with a remediation roadmap
  • Evidence checklist built for proposal responses and prime due diligence
Teaming & subcontracting

The governance workstream, delivered by a certified small business.

Putting AI inside a federal delivery? RefugiumData takes the workstream your engineers don’t want and your evaluators will read closely: risk assessments, policy frameworks, human-in-the-loop review design, and the compliance evidence behind them. We’re an SBA-certified WOSB/EDWOSB — subcontracting-goal credit and a partner who has written winning federal proposals from the inside.

Discuss a teaming arrangement →

Maintain

Governance that stays current — without the full-time hire.

Baselines age. Tools update, rules shift, and a new solicitation asks a question last year’s policy can’t answer. The retainer makes RefugiumData your named AI governance resource: policies maintained, tools re-vetted quarterly, training refreshed — and when a prime or contracting officer calls, you have someone to point to.

Essential

$2,500/mo

Policy maintenance, quarterly tool-stack review, direct email access.

Standard

$4,000/mo

Everything in Essential, plus a monthly working session, training refreshers, and support answering AI questions in proposals.

Named Resource

$6,000/mo

Everything in Standard, plus named-resource status for prime and CO inquiries and an annual re-assessment, included.

Not ready for monthly? An annual compliance check-up — $3,500 — keeps your baseline honest year to year.

Start with an assessment — every retainer begins with one

Why RefugiumData

Compliance experience first. AI expertise built on top.

RefugiumData pairs two disciplines that rarely share an office. Fifteen years of federal compliance work — Section 508 audits, capability maturity assessments, CMMI evidence development — sets the governance foundation. A dedicated technical partner brings hands-on AI engineering depth.

Most governance consultants can’t build what they audit. Most AI engineers can’t document what they build. We do both — so your policies match your systems, and both hold up when someone checks.

DHS Trusted Tester · AWS Certified AI Practitioner · ISC2 Certified in Cybersecurity · CF APMP · SBA WOSB/EDWOSB

Workshops & toolkits

Learn it, license it, or bring us in.

Not every firm starts with an engagement — and not every firm needs to. We teach teams to govern their own AI use, and we license the same materials our clients rely on, with the guidance built in.

Team workshops

Half-day sessions on acceptable use, tool vetting, and human review. Your team leaves with working drafts, not notes.

Ask about a workshop →

Policy toolkits

Licensed templates and prompt kits for self-guided implementation.

Proof

See the work before you buy it.

Every engagement ends in documents your team will actually use — not a slide deck that goes in a drawer. Review redacted samples of the acceptable use policy, disclosure notice, and vendor risk summary before you spend a dollar.

View sample deliverables →

Start with the assessment.

One engagement. A clear picture of your AI risk. A roadmap you can act on — with us or without us.

Book an AI Readiness Assessment