Your business uses AI. Prove you use it responsibly.
Sooner or later, a prime, a contracting officer, or a client will ask. RefugiumData makes sure you have a real answer: written policies, a vetted tool stack, and evidence that holds up.
The questions are already in the solicitations.
AI questions now appear where your revenue lives — proposal evaluation criteria, prime flow-downs, teaming due diligence, client contracts. “We’re careful with ChatGPT” is not an answer. A one-page policy, a documented review process, and a vetted tool stack is.
You don’t need an AI governance department. You need a defensible baseline — built once, maintained deliberately — so AI stays an advantage instead of an exposure.
Assess. Establish. Maintain.
Assess
We map how AI is actually used in your business — not how the policy binder says it is — and locate the risk.
Establish
We build your baseline: acceptable use policy, client disclosures, security plan, vendor vetting.
Maintain
We keep it current as tools change, rules change, and contracts start asking harder questions.
Fixed scope. Fixed price. No meter running.
AI Readiness & Risk Assessment
$4,500
Know where you stand before someone else tells you.
- Structured intake and AI usage mapping
- Risk review of every AI tool your team touches
- Gap findings with a prioritized roadmap
50% credits toward the Starter Package within 60 days
AI Governance Starter Package
$6,500
Your baseline, in writing, in weeks.
- AI Acceptable Use Policy — one page, plain language, no legalese
- Client-facing AI disclosure notice
- Written information security plan covering AI and PII
- Vendor risk summary for your full tool stack
- One live training session for your team
Framework Gap Analysis
from $9,500
For firms that answer to a framework.
- NIST AI RMF or ISO/IEC 42001 alignment review
- Gap register with a remediation roadmap
- Evidence checklist built for proposal responses and prime due diligence
The governance workstream, delivered by a certified small business.
Putting AI inside a federal delivery? RefugiumData takes the workstream your engineers don’t want and your evaluators will read closely: risk assessments, policy frameworks, human-in-the-loop review design, and the compliance evidence behind them. We’re an SBA-certified WOSB/EDWOSB — subcontracting-goal credit and a partner who has written winning federal proposals from the inside.
Governance that stays current — without the full-time hire.
Baselines age. Tools update, rules shift, and a new solicitation asks a question last year’s policy can’t answer. The retainer makes RefugiumData your named AI governance resource: policies maintained, tools re-vetted quarterly, training refreshed — and when a prime or contracting officer calls, you have someone to point to.
Essential
$2,500/mo
Policy maintenance, quarterly tool-stack review, direct email access.
Standard
$4,000/mo
Everything in Essential, plus a monthly working session, training refreshers, and support answering AI questions in proposals.
Named Resource
$6,000/mo
Everything in Standard, plus named-resource status for prime and CO inquiries and an annual re-assessment, included.
Not ready for monthly? An annual compliance check-up — $3,500 — keeps your baseline honest year to year.
Compliance experience first. AI expertise built on top.
RefugiumData pairs two disciplines that rarely share an office. Fifteen years of federal compliance work — Section 508 audits, capability maturity assessments, CMMI evidence development — sets the governance foundation. A dedicated technical partner brings hands-on AI engineering depth.
Most governance consultants can’t build what they audit. Most AI engineers can’t document what they build. We do both — so your policies match your systems, and both hold up when someone checks.
DHS Trusted Tester · AWS Certified AI Practitioner · ISC2 Certified in Cybersecurity · CF APMP · SBA WOSB/EDWOSB
Learn it, license it, or bring us in.
Not every firm starts with an engagement — and not every firm needs to. We teach teams to govern their own AI use, and we license the same materials our clients rely on, with the guidance built in.
Team workshops
Half-day sessions on acceptable use, tool vetting, and human review. Your team leaves with working drafts, not notes.
Policy toolkits
Licensed templates and prompt kits for self-guided implementation.
See the work before you buy it.
Every engagement ends in documents your team will actually use — not a slide deck that goes in a drawer. Review redacted samples of the acceptable use policy, disclosure notice, and vendor risk summary before you spend a dollar.
Start with the assessment.
One engagement. A clear picture of your AI risk. A roadmap you can act on — with us or without us.
Book an AI Readiness Assessment