Frequently Asked Questions

Genuinely tailored — not a template with your name dropped in. When you complete the intake assessment, your answers about your industry, AI tools, team size, client-facing work, and regulatory context directly shape every clause in your documents. A healthcare practice gets different provisions to a legal firm, which gets different provisions to a tech consultancy.

The underlying policy frameworks and regulatory references are consistent across all packs (they have to be — the law is the law), but the specific language, examples, permitted tools, risk ratings, and staff guidance are generated for your business specifically.

All 7 governance documents are delivered as Microsoft Word (.docx) files, so you can edit them, add your logo, adjust formatting, and customise anything further. The implementation guide is delivered as a PDF.

Word format means you own the documents completely — no subscription, no platform lock-in, no need to log in anywhere to access them.

Yes — completely. Once you download your pack, the documents are yours to edit freely. You can add your branding, adjust the language to match your internal style, add specific provisions for your situation, or remove anything that doesn't apply.

We recommend reviewing the documents with your team before finalising and distributing them. The Full pack + consult tier includes a 60-minute session where we review the documents with you and make any adjustments needed.

The Full pack includes:

1. AI Acceptable Use Policy — sets out what AI use is permitted and prohibited, staff responsibilities, and consequences.
2. AI Risk Assessment — 28 pre-populated risks rated for your context, informed by NIST AI RMF 1.0.
3. AI Vendor Due Diligence Checklist — 44-item checklist for assessing any AI tool before adoption.
4. AI Incident Response Plan — step-by-step response process covering NDB scheme and OAIC notification obligations.
5. AI Transparency Statement — internal governance and a client-facing disclosure statement.
6. AI Register — a living record of all approved AI tools, incidents, and vendor assessments.
7. AI Governance Implementation Guide — a step-by-step rollout plan for putting your governance framework into practice.

Under 10 minutes. The assessment covers your industry, team size, the AI tools you use, your client data handling practices, and your regulatory context. There are no trick questions — just straightforward questions about how your business operates.

Once you submit, your pack is generated immediately. Most customers receive their complete pack within a few minutes of completing the assessment.

The assessment includes an "other" option with a free-text field where you can describe your industry. Our system will use that description to tailor your documents appropriately.

If you're in a highly regulated sector with specific requirements (e.g. financial services under ASIC or APRA regulation, or healthcare under AHPRA), we recommend the Full pack + consult tier so we can review your documents with you and add any sector-specific provisions you need.

The governance frameworks, policy structures, and regulatory content behind Govena were developed by a PhD-qualified AI governance specialist with expertise in Australian privacy law, AI ethics, and risk management frameworks.

The documents are informed by NIST AI RMF 1.0, Australia's AI Ethics Principles, the Voluntary AI Safety Standard, ISO/IEC 42001:2023, and the Australian Privacy Act 1988. They are not generic templates — they are built from the ground up for the Australian SME context.

No — Govena does not provide legal advice, and the governance pack is not a substitute for legal advice specific to your situation. The documents are governance frameworks informed by Australian law and leading AI governance standards.

For most SMEs, the pack provides a solid, practical governance foundation. If your business has complex regulatory obligations (e.g. financial services, health records, or government contracting), we recommend having a lawyer review the documents for your specific circumstances. The Full pack + consult tier can also help identify any gaps for your situation.

The Australian Government's National AI Centre publishes a free AI policy template — it's a useful starting point, but it's a single generic document designed for any organisation. Govena provides seven tailored documents specific to your business, industry, AI tools, and regulatory context.

The difference is between a blank policy skeleton and a complete, populated governance system. Govena also covers areas the government template doesn't — vendor due diligence, incident response, staff training records, an AI register, and client-facing transparency statements.

From 10 December 2026, amendments to the Privacy Act 1988 require APP entities (organisations with annual turnover above $3 million, plus health service providers and some others regardless of turnover) to notify individuals when automated decision-making (ADM) — including AI — significantly affects them.

This means if you use AI to make decisions about clients, customers, or employees in ways that significantly affect them, you will need to disclose this. Govena's AI Transparency Statement covers these obligations directly. Read our full guide →

Yes. The Notifiable Data Breaches (NDB) scheme requires APP entities to notify the OAIC and affected individuals when an eligible data breach occurs — including breaches involving AI systems or AI-processed data.

The AI Incident Response Plan in your pack includes specific guidance on identifying eligible data breaches, the 30-day notification timeline, and the process for notifying the OAIC and affected individuals.

Possibly — it depends on your business type. The $3M threshold applies to general APP entity obligations, but there are important exceptions:

Health service providers are covered by the Privacy Act regardless of turnover. If you're an allied health practice, dental clinic, psychology practice, or similar — the Act applies to you even if you're small.

Beyond legal obligations, there are strong commercial reasons for governance regardless of size: clients increasingly ask about AI governance in due diligence, enterprise clients and government agencies require it from suppliers, and having a clear policy protects you if something goes wrong.

Yes — Australian AI regulation is evolving quickly, and your governance documents should be reviewed at least annually. The implementation guide included in your pack outlines a recommended maintenance schedule.

We are working on an annual update service that will allow you to refresh your pack as the regulatory landscape changes. In the meantime, if there are significant regulatory changes that affect your documents, we will notify customers by email.

Yes — all prices displayed on the Govena website are inclusive of GST. The Full pack is $499 (inc. GST) and the Full pack + consult is $1,199 (inc. GST). A tax invoice will be issued with your purchase.

No. Govena is a one-time purchase — there are no subscriptions, no per-user fees, and no ongoing costs. You pay once, receive your pack, and it's yours to keep indefinitely.

We are developing an optional annual update add-on (~$199) for customers who want their documents refreshed as the regulatory landscape evolves. This will be entirely optional.

The Full pack + consult ($1,199 inc. GST) includes everything in the Full pack, plus:

— A 60-minute video consultation with an AI governance specialist
— An expert review of your tailored pack
— An implementation action plan specific to your business
— 30-day email support for follow-up questions

The consultation is scheduled after you receive your pack, so you can review the documents beforehand and come with specific questions.

The Bespoke advisory tier is for organisations with more complex needs — those in heavily regulated industries, larger teams, multi-entity structures, or those requiring custom policy development beyond the standard pack.

Pricing is scoped based on your specific requirements. Email us → to discuss what you need and we'll provide a proposal.

Because the governance pack is a digital product generated specifically for your business, we are unable to offer refunds once the documents have been generated and delivered.

If you have concerns about whether the pack is right for your business before purchasing, please Email us → — we're happy to answer questions to help you decide.

Your pack includes a PDF implementation guide with a step-by-step plan. The short version:

Week 1: Review all documents, customise any specific details, get sign-off from leadership.
Week 2: Share the Acceptable Use Policy with all staff and populate the AI Register with your current tools.
Ongoing: Use the Vendor Checklist before adopting any new AI tool, review and update documents annually, and use the Incident Response Plan if anything goes wrong.

Yes. The AI Transparency Statement in particular is designed to be shared with clients — Part B is a client-facing disclosure statement ready to publish on your website, include in client agreements, or share on request.

The other documents (policy, risk assessment, etc.) are primarily internal governance documents. You can share them with clients if they request evidence of your AI governance practices, which is increasingly common in professional services due diligence.

This is very common — most businesses find their teams are using more AI tools than they realised once they start looking. The AI Register in your pack is designed exactly for this situation.

The recommended first step is to run an AI tool audit: ask your team what tools they're using and for what. Then use the Vendor Due Diligence Checklist to assess each tool and decide which to formally approve, which to prohibit, and which need further review. The Acceptable Use Policy then sets out the rules for ongoing use.