Most AI initiatives stall not because the technology fails, but because the organisation around it isn’t ready — the data is messy, no one owns governance, staff are untrained, or a privacy gap goes unnoticed. This 30-point checklist scores your readiness across the five areas that actually determine whether AI sticks.
How it works
The checklist is split into five weighted areas: data readiness, tooling and infrastructure, team skills, governance and process, and security and privacy. You tick the statements that are genuinely true today. The tool then computes an overall readiness percentage, breaks the score down by area, and highlights your weakest area as the place to fix first.
The breakdown matters more than the headline number. A team can have excellent tooling and still be unsafe to scale if security scores near zero — so a single weak area is treated as a blocker, not a rounding error.
How to use the result
- 80%+ — You have the foundations to scale AI across teams. Focus on measuring impact and expanding proven use cases.
- 50–79% — You are pilot-ready. Run scoped pilots while closing the gaps the breakdown surfaces.
- 25–49% — Early. Build data, policy, and training foundations in parallel with one small, low-risk experiment.
- Under 25% — Not ready for broad rollout. Start with security and data basics before introducing AI tools widely.
Re-run the assessment each quarter. Watching the weakest area climb is a better progress signal than any single launch.
Why organisations fail at AI adoption — and what this checklist addresses
Most failed AI initiatives share one of five root causes: data that turns out to be too messy to use reliably, a tooling choice that does not fit the team’s actual workflows, staff who were handed a tool without any training or context, a governance vacuum that lets the initiative proceed without anyone responsible for outcomes, or a privacy gap that creates legal exposure. The five sections of this checklist map directly onto those five failure modes.
Checking one box in a section does not make that area safe. The checklist is intentionally strict: “we use some structured data” does not warrant the same tick as “our data is documented, cleaned, and version-controlled with lineage tracking.” The tool is designed to surface honest gaps, not to let you feel ready before you are.
What each section covers
Data readiness examines whether your data is available, clean, labelled, and governed. AI systems are only as good as the data they run on; this section is where the most expensive surprises tend to hide. If you cannot describe the lineage and quality of your data honestly, score it low.
Tooling and infrastructure covers whether the right technology is in place — not necessarily the newest or most expensive, but the right fit for the use case. This includes compute access, integration with existing systems, and a sensible evaluation environment before production rollout.
Team skills assesses whether the people who will build and use the AI systems have the knowledge to do so. This covers both technical staff (who need prompt engineering, evaluation, and MLOps skills) and non-technical users (who need to understand outputs critically rather than trust them blindly).
Governance and process covers the decision-making structures that turn AI from an experiment into a managed programme. Who owns outputs? What is the appeal process when a user disputes an AI decision? How are model updates logged and communicated? Absent answers mean absent accountability.
Security and privacy is the section that can create irreversible harm fastest. Data leaks, prompt injection vulnerabilities, regulatory breaches, and training on personal data without a lawful basis are all failures that start here. Treat any low score in this section as a blocker regardless of the overall total.
Interpreting gaps
When the checklist surfaces a gap, the right response is nearly always “fix this before scaling,” not “work around it.” A data governance gap does not disappear when you deploy to more users; it amplifies. A security control that is missing in a small pilot is missing in the production system the pilot grows into.
The one exception is a controlled, time-limited experiment with explicit safeguards. Running one low-risk AI pilot while building the foundation in parallel is a reasonable strategy. Running ten pilots across different business units without governance is not.