canadian AI risk & navigation

A field guide for governing the AI you already use.

Most of the AI in your business didn't arrive with a press release. It showed up inside Word, Outlook, Zoom, your CRM. CAIRN helps small Canadian teams keep track of all of it, agree on what it must never do, and write a policy you can actually stand behind.

Everything stays in your browser. Nothing is uploaded, no account required. Export to a file whenever you want a backup or to share with your team.

Start with the Inventory → How it works

inventory

—

systems on your list

Open the Inventory →

redlines

—

lines you've drawn

Open Redlines →

policy

—

ready to download

Open Policy →

reviews

Coming next. Periodic check-ins for each system on your list.

Grounded in established frameworks

CAIRN's structure follows the NIST AI Risk Management Framework (AI RMF 1.0) — Govern, Map, Measure, Manage — and adapts ideas from the AIGN SME & Startup framework. Privacy guidance reflects the Office of the Privacy Commissioner of Canada's principles for responsible generative AI under PIPEDA.

First time here? Start with these three.

Take ten minutes to write down what's in use. Open the Inventory. We've pre-listed common tools that quietly added AI features — Microsoft 365, Google Workspace, Salesforce, Zoom. Tick what your team actually uses, then refine each entry when you have a moment.
Agree on what AI must never do here. Open Redlines and walk through the preset list with whoever needs to be in the room. Keep what fits, edit the language to match how your team actually talks, add your own.
Export a copy, somewhere safe. Use Export on any page to download a JSON file of everything. Keep it on a shared drive. That's your governance record.