The value of any AI tool worth using comes from one thing: access to your data. A meeting-notes assistant is only useful once it’s in your calendar. A sales copilot is only useful once it can see the CRM. A document Q&A tool is only useful once it can read the drive. That is the design — and it is also, without any exaggeration, the entire risk profile.
The good news is that the questions you need to answer before connecting one are neither long nor especially technical. Most of them take an afternoon between IT, legal, and the person who wants the tool. What follows is the checklist we run with clients when they ask “can we plug this in?” — the seven questions that decide whether the answer is yes, not yet, or no.
Why this decision is bigger than it feels
A single “connect” button on a slick modern interface obscures how much you are actually agreeing to. A sample: some integrations grant read access to every message in every inbox in the tenant, forever, and cannot be scoped down. Others share your documents into a training corpus that other customers will benefit from. Others are perfectly well-behaved but rely on a vendor whose security posture won’t survive a real breach.
You do not need to be paranoid — you need to be deliberate. Answering the seven questions below turns “this looks cool” into a real decision your future self, your customers, and your auditor will thank you for.
1 · Is this data okay to share at all?
Every dataset in your business falls somewhere on a sensitivity ladder: public, internal, confidential, restricted. If you don’t have that ladder written down yet, this is the moment to sketch it. Two rungs will do to start: okay to share with outside servicesand not okay to share with outside services without specific controls.
Client PII, financials, health information, unreleased IP, and any data governed by a contract or regulation belong on the second rung by default. If the AI tool would only ever touch data from the first rung, the rest of the checklist is a formality. If it would touch anything from the second, keep reading.
2 · What is the tool actually being asked to do?
The narrower the purpose, the safer the deployment. “Summarize internal meeting notes” is a purpose. “Help us with stuff” is not. Write down, in a sentence, what problem the tool is solving and who’s allowed to use it for that. Anything outside that sentence is out of scope.
A useful test: could you show that sentence to a customer or an auditor and defend it? If yes, you’re on solid ground. If it makes you fidget, the scope isn’t defined tightly enough yet.
3 · How long will the vendor keep it?
Data that lives forever is data that will eventually leak. Ask the vendor two direct questions: how long is your data retained on their systems by default, and can that be reduced. The best answers are “we don’t retain prompts or outputs after the session” or “retention is configurable, and here’s the setting.” The worst is silence, or a link to a policy that reserves the right to keep everything indefinitely.
4 · Are the terms what you think they are?
Two clauses matter more than the rest of the contract combined. First, will the vendor train their models on your data. The right answer, contractually, is no — and it needs to be written into the DPA, not promised in a marketing page. Second, what happens to your data if the vendor is acquired, wound down, or breached. If the terms are silent on that, assume the worst answer.
A signed data processing agreement, a current SOC 2 Type II report, and a clear no-training clause are the minimum three artifacts to collect before the tool touches production data. They are not theater — they are the trail an incident investigator will follow if you ever need to.
5 · Who is signing in, and how?
The fastest way to lose control of an AI integration is to let employees log in with personal accounts. When someone leaves the company, that integration and its data go with them — silently, because nothing in your identity system says they had it in the first place.
Put the tool behind your SSO. Require MFA. Give it a shared service-account identity if the vendor supports it, so no one person’s login controls the connection. And put a joiner-mover-leaver check on the offboarding runbook that includes AI tool access, not just email and Slack.
6 · What proof will you have later?
Something will eventually go wrong — a leaked answer, a wrong recipient, a customer complaint, a regulator asking what happened. The only thing that separates a five-minute answer from a multi-week forensic engagement is whether you have logs.
At a minimum, capture and retain: who used the tool, when, for what purpose, on which dataset, and whether the vendor recorded the prompt and output. Ninety days is a reasonable retention window for most SMBs; longer if you’re in a regulated industry. If the tool doesn’t expose this at all, that is a red flag; if it exposes it only on a higher tier, buy the higher tier.
7 · Can you turn it off cleanly?
The final question — the one people forget to ask until they need it — is whether you can revoke the tool cleanly. Ideally, one click in your identity provider or your Microsoft 365 admin center revokes the integration, terminates the sessions, and deletes the cached data. In practice, some vendors make this hard, and some data doesn’t come back once it’s left the tenant.
Ask the vendor exactly what happens when you revoke access — is the prompt history purged, are model weights unaffected, are backups included in the deletion. Write down the answer. When the day comes that you need to disconnect, you don’t want to be learning it from a support ticket.
Where a partner fits
Running the seven questions once is easy. Running them consistently, for every new tool a growing team wants to try, is where most organizations quietly fall behind. That’s the muscle we build with the businesses we work with: an intake path that’s fast enough to actually use, a review that lands in a day rather than a month, and a paper trail that satisfies your carrier and your board.
If your team is asking to connect AI to real business data and you’d rather answer them well than say no, we’ll stand up the process with you — plain English, sane defaults, and a decision record you can hand to anyone who asks.

