One AI safety habit every two-person startup should keep
You don't need an AI governance framework when you're two people. You need one habit: a written register of every model, prompt, and data flow that touches customer data. Five minutes per change. It unlocks enterprise sales and pre-stages ISO 42001 later.
The register is one document. Columns: model name, vendor, what data is sent, how long the vendor retains it, the prompt template (or a link to it), who approved the change, date.
Every time you swap models, change a prompt that touches PII, or onboard a new vendor, you add a row. Five minutes. That's the whole habit.
Why it matters early: enterprise procurement teams ask for this document, not for a certification. Having it pre-built closes deals 3+ months faster than building it during the deal.
It's also the first artefact an ISO 42001 auditor requests if you certify later. Starting at two people means you don't have to reconstruct history at twenty.
“AI safety at two people is one document, updated when things change. Anything more is theatre. Anything less is unsellable to enterprise.”
Sources
Move from question to traction with Grower.
Try Grower
