Ai Tool Access Request Workflow

Step 2: Create Jira Request Template

Set up a Jira issue type "AI Tool Access Request" with these fields:

Step 3: Configure Jira Automation

Set up automation rules:

1. Auto-assign tier — Based on "Data Types Involved" selection, auto-label the tier
2. Route to reviewers — Tier 1: auto-approve and notify manager. Tier 2: assign to security team queue. Tier 3: create sub-tasks for each reviewer
3. SLA tracking — Set due dates based on tier SLA
4. Escalation — Auto-escalate if SLA is breached (notify reviewer's manager)

Step 4: Set Up Slack Notifications

Configure Slack integration:

• #ai-tool-requests channel: Post new requests and status updates
• DM to requester: Notify when status changes (approved, needs more info, denied)
• DM to reviewers: Alert when a new request needs their review
• Weekly digest: Summary of pending requests to the security team channel

Step 5: Create Runbook

Provide a runbook for the security review team:

1. Vendor assessment checklist — SOC2 compliance, data retention policy, encryption, subprocessors
2. Data flow diagram template — Where does data go when using this tool?
3. Decision matrix — Standard criteria for approve/deny/conditional approval
4. Conditional approval template — Approved with restrictions (e.g., no PII, VPN required)
5. Denial template — Professional denial with alternative tool suggestions

Output

The workflow produces:

• A Jira project board with the request intake process
• Slack channel integration for visibility
• Automation rules for routing and SLA tracking
• Templates for security review decisions