Org-Wide Theme

An Organization-Level Safe AI Adoption Program that Holds for a Full Year

An annual theme with four integrated pillars (policy & risk classification, AI Use Case Register, technical controls, governance capability), a structured budget envelope, and a phased rollout from pilot to org-wide. For the CHRO, CIO/CISO, and Chief Legal/Compliance who want AI adoption without UU PDP breaches or reputational shocks.

Program scale: Org-wide (CHRO + CIO/CISO + Legal sponsorship)
Typical duration: 12 months (renewable)
Program pillars: 4 (Policy · Register · Technical Controls · Governance Capability)
Budget envelope: Rp 350M – Rp 2.6B per year

Short answer

Neksus's Safe AI Adoption program is an annual four-pillar theme for Indonesian enterprises: AI Policy + risk classification aligned with NIST AI RMF, AI Use Case Register with per-use-case AI Risk Assessment, technical controls based on OWASP LLM Top 10, and governance capability for Legal/Compliance/Risk officers. Aligned with UU 27/2022 PDP and ISO/IEC 42001:2023. Rollout phases from 30-day pilot to 90-day wave to 12-month org-wide. Annual envelope Rp 350M – Rp 2.6B.

Annual Theme

Why safe AI adoption must be designed as a year-long theme distinct from general digital transformation

Generic digital transformation centers on efficiency and innovation. Safe AI Adoption centers on the legal, ethical, and reputational risks specific to AI systems — risks that classical IT governance frameworks do not address. The NIST AI Risk Management Framework (NIST AI 100-1, released January 2023) is the most widely adopted public governance backbone, with four core functions: Govern, Map, Measure, Manage. NIST AI 600-1 (GenAI Profile, July 2024) adds 12 generative AI–specific risks (CBRN information, confabulation, dangerous/violent/hateful content, data privacy, environmental, harmful bias, human-AI configuration, information integrity, information security, intellectual property, obscene/abusive/CSAM content, value chain). ISO/IEC 42001:2023 is the first AI Management System Standard that can be certified. OWASP LLM Top 10 (2025 edition) maps technical threats to LLM applications (prompt injection, sensitive information disclosure, supply chain, and more). MITRE ATLAS catalogs adversarial machine learning techniques. In Indonesia, UU 27/2022 Personal Data Protection provides the hard legal basis for AI data processing, with Article 56 governing cross-border data transfer (see also Permen Kominfo 9/2024). Permen Kominfo 20/2016 governs personal data protection in electronic systems. Regulated sectors get additional frameworks: POJK 11/POJK.03/2022 for banking, and EU AI Act Articles 6 and 9 for enterprises with European exposure. This program weaves these frameworks into an executable annual theme.

  • Safe AI Adoption ≠ generic digital transformation — focused on AI-specific legal/ethical/reputational risks
  • Public backbone: NIST AI RMF + NIST AI 600-1 GenAI Profile + ISO/IEC 42001:2023
  • Technical frameworks: OWASP LLM Top 10 + MITRE ATLAS + NIST SP 800-53
  • Indonesian legal basis: UU 27/2022 PDP + Permen Kominfo 20/2016 + Permen Kominfo 9/2024 (data transfer) + POJK 11/2022 (banking)

UU PDP exposure is real since October 2024

UU 27/2022 PDP took full effect in October 2024 with administrative sanctions up to 2% of annual revenue plus criminal sanctions for serious violations. Employees pasting customer personal data into public AI without a clear legal basis put the enterprise at material fine exposure. Without an AI Policy + risk classification + AI Risk Assessment, that exposure sits at every corner of the organization every day.

Four mandatory sponsors for this theme

A Safe AI Adoption program needs four aligned sponsors: CHRO (capability and behavior change), CIO/CISO (technical controls and tooling), Chief Legal/Compliance (policy and UU PDP), and CFO/COO (budget and operational adoption). AI governance without Legal/Compliance ends as an IT document ignored by the legal team.

NIST AI RMF ≠ ISO/IEC 42001 ≠ EU AI Act

NIST AI RMF is a voluntary risk governance framework. ISO/IEC 42001:2023 is a certifiable management system (third-party audit). EU AI Act is binding regulation with risk-class classification of AI products. Indonesian enterprises typically begin with NIST AI RMF; multinationals with EU exposure add EU AI Act; ISO/IEC 42001 certification becomes a strategic option for enterprises seeking market differentiation.

Program Architecture

Four-pillar integrated architecture

Each pillar has its own audience, modules, and deliverables. The program governance aligns all four under a single annual roadmap.

Pillar 1 — AI Policy + Risk Classification

Author a full enterprise AI Policy (Acceptable Use, vendor due diligence, data handling, model selection, incident response) and per-use-case risk classification aligned with NIST AI 600-1 GenAI Profile + the 12 risk categories. Modules for Legal/Compliance/Risk plus steering committee ratification.

  • AI Policy v1.0 ratified by the governing body, communicated to 100% of employees
  • Per-use-case risk classification (limited / minimal / high / unacceptable) defined
  • Acceptable Use Agreement signed by 100% of employees via HRIS

Pillar 2 — AI Use Case Register + AI Risk Assessment

Stand up a live register of every AI use case in the organization with formal AI Risk Assessment (template aligned with NIST AI RMF Map+Measure). Lightweight tooling (Notion/Confluence/internal portal) + AI Council approval workflow.

  • Live register with 20–60 use cases in year one
  • 100% of high-risk use cases pass formal AI Risk Assessment before going live
  • Monthly AI Council decision log documented

Pillar 3 — Technical Controls (OWASP LLM Top 10 + NIST SP 800-53)

Implement technical controls for LLM applications (prompt injection defense, output validation, sensitive data filtering, supply chain checks, logging & audit). Aligned with OWASP LLM Top 10 2025 + MITRE ATLAS, plus NIST SP 800-53 for enterprises with FedRAMP-equivalent control requirements.

  • Mandatory technical control checklist for every AI deployment
  • Internal eval harness for every high-risk use case
  • Live AI audit log with UU PDP-compliant retention

Pillar 4 — Cross-Functional Governance Capability

Train Legal/Compliance/Risk Officer + Tech Lead + Business Representative on the AI governance framework and UU PDP. Intensive cohort of 60–100 hours with a real-use-case AI Risk Assessment capstone. Internal AI Governance Practitioner certification.

  • 10–25 certified internal AI Governance Practitioners
  • Monthly AI Council with rotating learning sessions on international cases
  • Standing liaison with regulators (Kominfo / OJK / sectoral), kept informed on an ongoing basis

Annual Budget Envelope

Annual budget envelope by organization size and risk exposure

These ranges cover all four pillars plus governance and change management. AI tool licenses (Claude Enterprise, ChatGPT Enterprise, Bedrock) sit outside this envelope.

Scope | Participants | Budget range | Notes
Mid-size enterprise (200–500 employees, early AI exposure) | 100% Acceptable Use + 12 AI Governance Practitioners + AI Council | Rp 350–700M per year | Suitable for enterprises just beginning AI adoption with limited use cases.
Large enterprise (500–2000 employees, multi-vendor AI) | 100% Acceptable Use + 22 AI Governance Practitioners + cross-BU AI Council | Rp 700M – Rp 1.6B per year | Standard 12-month rollout with a live AI Use Case Register.
Enterprise (2000+ employees, AI in client-facing products) | 100% Acceptable Use + 40+ AI Governance Practitioners + cross-BU AI Council + regulator liaison | Rp 1.6–2.6B per year | Multi-year contract. Optional ISO/IEC 42001 certification path in year two.
SOE / public agency with AI in public services | Enterprise-tier scheme + SPBE alignment (Perpres 95/2018) + National AI Strategy | Rp 1.2–2.2B per year | Procurement via SPSE LKPP. Aligned with KMP/M.PANRB 8/2023 SPBE. Kominfo + sectoral liaison required.
Enterprise with EU AI Act exposure (multinational / EU market) | Enterprise-tier scheme + EU AI Act Articles 6 + 9 + bilingual ID/EN | Rp 1.5–2.5B per year | Dual-framework NIST AI RMF + EU AI Act. ISO/IEC 42001 certification often becomes the gateway.

Rollout Phases

Rollout phases — 30-day pilot → 90-day wave → 12-month org-wide

Phased rollout lowers legal and technical risk, calibrates the policy, and builds governance success stories.

Phase 1: Pilot — 30 days (Month 1)

Validate AI Policy v0.1 and AI Risk Assessment template with one pilot BU + 5–10 existing AI use cases.

  • AI Policy v0.1 drafted and stress-tested against existing use cases
  • AI Risk Assessment run for 5–10 pilot use cases
  • First AI Council convened with weekly pilot rotation
  • Draft Acceptable Use tested on one pilot BU

Phase 2: Wave 1 — 90 days (Months 2–4)

Scale to three priority BUs + ratify AI Policy v1.0 + live AI Use Case Register.

  • AI Policy v1.0 ratified by steering committee + board
  • Acceptable Use signed by 100% of employees in three priority BUs
  • AI Use Case Register live with 15–25 initial entries
  • First wave of AI Governance Practitioner cohort complete (10 people)

Phase 3: Wave 2–3 — 180 days (Months 5–10)

Roll out to the rest of the organization + integrate OWASP LLM Top 10 technical controls.

  • 100% of employees sign Acceptable Use
  • AI Use Case Register live with 30–60 entries
  • OWASP LLM Top 10 technical controls in place for all production apps
  • AI Governance Practitioner cohorts 2 and 3 complete (total 22–40 people)

Phase 4: Sustaining — 60 days + renewal (Months 11–12 + renewal)

Formalize the governance operating model + optional ISO/IEC 42001 path.

  • Monthly AI Council established as a documented standing forum
  • Capstone presentation to the board: register + risk register + incidents handled
  • Year-two design (ISO/IEC 42001 path or EU AI Act readiness)
  • Internal AI Governance Practitioner certification registered with HR

Org-Wide Success Metrics

Organization-level success metrics — compliance + governance quality

Pick 4–6 metrics from this list before the program starts, with agreed thresholds.

Metric | Threshold | Evidence source
Acceptable Use Agreement adoption | 100% of employees sign within 12 months | HRIS confirmation
AI Use Case Register completeness | ≥ 95% of organization AI use cases registered (quarterly audit) | Quarterly BU spot-audit by AI Council
AI Risk Assessment for high-risk use cases | 100% of high-risk use cases pass AI Risk Assessment before going live | AI Council risk register
Certified internal AI Governance Practitioners | 15–40 people within 12 months (depending on organization size) | Internal certification + capstone AI Risk Assessment
Material AI incidents | 0 material incidents over 12 months (data leak, successful prompt injection, bias with legal impact) | Risk Officer incident log
Time-to-approval for low-risk use cases | ≤ 5 business days | AI Council workflow tracker
% of AI vendors that pass due diligence | 100% of AI vendors on the register with SOC 2 / ISO 27001 / data residency review | Vendor security register

Decision Aid

Integrated governance program vs Single IT policy vs No AI governance

Three enterprise approaches — with very different risk profiles.

Criterion | Single IT policy | Integrated governance program | No AI governance
Typical annual budget | Rp 80–250M | Rp 350M – Rp 2.6B | Rp 0 (explicit)
Material UU PDP exposure | High — policy without enforcement | Low — register + risk assessment + audit | Very high — direct exposure
Legal/Compliance capability on AI | Minimal | High — AI Governance Practitioner cohort | None
Audit readiness (ISO/IEC 42001 / EU AI Act) | Low | High — third-party auditable | Not ready
Material incidents in 12 months | 1–3 typical | 0 target | 3–10 typical

Engagement Path

Neksus engagement flow for an annual theme

  1. Kickoff & AI exposure diagnostic (4 weeks) — Weeks 1–4
     Two-day workshop with CHRO/CIO/CISO/Legal/CFO + 15 stakeholder interviews + AI exposure audit (existing use cases, AI vendors, data sensitivity). Output: program charter + risk profile + rollout design.

  2. 30-day BU pilot — Month 2
     AI Policy v0.1 drafted, AI Risk Assessment run for 5–10 pilot use cases, Acceptable Use tested. The Neksus team and pilot AI Council work side by side. Weekly retros.

  3. Pilot retro & calibration (2 weeks) — Early Month 3
     Retrospective workshop with the pilot AI Council. AI Policy revised to v1.0. AI Risk Assessment template calibrated. Wave 1 plan agreed.

  4. Wave 1 — three priority BUs (90 days) — Months 3–5
     AI Policy v1.0 ratified. Acceptable Use signed by 100% of employees in three BUs. AI Use Case Register live. AI Governance Practitioner cohort 1 starts.

  5. Wave 2–3 — remaining BUs + technical controls (180 days) — Months 6–11
     Rollout to the rest of the organization. OWASP LLM Top 10 technical controls for production apps. AI Governance Practitioner cohorts 2 and 3. Monthly AI Council established.

  6. Capstone & year-two design — Month 12
     Capstone presentation to the board: live register, risk register, technical controls. Year-two design workshop (ISO/IEC 42001 path or EU AI Act readiness) with CHRO + CIO + Legal + CFO.

Program Governance

Program governance — who, what role, what cadence

Clear governance keeps the AI Policy alive. Four core layers with distinct cadences.

Steering Committee (CHRO + CIO/CISO + Chief Legal/Compliance + CFO/COO)
Quarterly

Executive sponsorship. Ratify the AI Policy, allocate budget, prioritize the next wave, and resolve cross-BU governance conflicts. Accountable to the board.

AI Council (Legal Lead + Compliance Officer + Risk Officer + Tech Lead + Business Rep)
Monthly + ad-hoc for urgent use cases

Review every new AI use case, AI Risk Assessment, and technical policy. Develop the governance playbook. Approval workflow for high-risk use cases.

Program Office (L&D Lead + PMO + Governance Lead)
Weekly

Operational execution. Scheduling, LMS, communications, AI Council coordination, and reporting up to the steering committee.

Champions Network (AI Liaison per BU)
Weekly check-ins, monthly all-champions

BU point of contact for everything AI governance. Escalate new use cases, drive Acceptable Use awareness, and run quarterly retros.

Neksus Engagement Team (Account Director + Lead Facilitator + AI Governance Specialist)
Weekly steering call + onsite per wave

Co-design the program, facilitate core sessions, calibrate modules, escalate methodology (NIST AI RMF + UU PDP + OWASP LLM Top 10).

Target Participants

Who joins from your organization — an integrated multi-cohort design

The program is a portfolio of parallel cohorts with different curricula.

All-employee Acceptable Use
100% of employees

Every employee (2 hours async + assessment + sign-off via HRIS).

Internal AI Governance Practitioner
15–40 people

Legal lead, compliance officer, risk officer, tech lead, business rep per BU. 60–100 hours of structured learning + capstone AI Risk Assessment on a real use case.

AI Liaison per BU
1 per BU

Mid-level employees with operational credibility as the AI governance point of contact in their BU.

AI Council members
5–10 people

Legal lead + compliance officer + risk officer + tech lead + business rep. Core governance members.

Steering committee
4–5 people

CHRO, CIO/CISO, Chief Legal/Compliance, CFO/COO.

Board briefing
Full board

Quarterly 90-minute session covering register + risk register + material incidents.

Program Risk Mitigations

Common failure modes — and effective mitigations

AI Policy becomes a dead document ignored by employees

Acceptable Use signed; six months later a survey shows 60% of employees do not remember the content and still use public AI for sensitive data.

Mitigation: Acceptable Use refresher 2 hours annually + quarterly spot-check survey + real sanctions for serious violations (documented in Pillar 1).

AI Council overwhelmed by use case volume

Approval backlog of 30+ use cases; BUs bypass by using public AI to avoid the wait.

Mitigation: Fast-track approval for low-risk use cases based on NIST AI RMF classification (limited/minimal in 5 business days, high-risk via formal AI Council).

AI vendors selected without data-security due diligence

Teams buy a new AI tool every week without SOC 2 / ISO 27001 / data residency review.

Mitigation: Vendor security review checklist + approved-AI-vendor register + procurement gate requiring AI Council sign-off.

Conflict with engineering teams who feel governance slows innovation

CIO/CTO complains AI Council is the bottleneck; engineering teams push shadow AI.

Mitigation: Tech Lead joins AI Council in full + fast-track approval for low-risk + AI Council as enabler (ready-to-use templates + sandbox + audit logs) to speed up use cases.

Material incident (data leak via public AI) mid-program

An employee accidentally pastes client data into ChatGPT; disclosure to Kominfo + customer required.

Mitigation: Incident response playbook (Pillar 1) + quarterly tabletop exercise + integration with the enterprise CSIRT team + escalation path to Chief Legal/Compliance within 4 hours.

Legal/Compliance sponsor not fully engaged

AI Policy written by IT, rubber-stamped by Legal at the end; Legal never feels ownership.

Mitigation: Program charter with Legal as a mandatory sponsor + Legal Lead joins AI Council + AI Governance Practitioner cohort as a career investment for Legal.

Typical Outcome Patterns

Typical outcome patterns from similar engagements

Context

Financial services enterprise, 900 employees, tight OJK regulation, early AI exposure for wealth advisory.

Intervention

Annual theme with a wealth BU pilot (30 days). AI Policy v1.0 aligned with POJK 11/2022 + NIST AI RMF ratified in month 4. AI Governance Practitioner cohort of 15.

Indicative result

Typical pattern: 100% of employees signed Acceptable Use by month 6; AI Use Case Register live with 18 entries by month 12; 0 material incidents. Year two focused on the ISO/IEC 42001 certification path.

Context

Public sector SOE, 3,000 employees, AI mandate for public services, sponsored by the Digital Director + Legal Director.

Intervention

Annual theme with Rp 2.1B envelope via SPSE LKPP. AI Policy aligned with the National AI Strategy + SPBE. Cross-directorate AI Council meeting monthly.

Indicative result

Typical pattern: 92% Acceptable Use by month 8; live register with 35 use cases by month 12 (service chatbot + internal analytics). Kominfo + sectoral liaison established.

Context

Manufacturing multinational subsidiary, 600 employees, regional HQ in Japan, EU + APAC exposure.

Intervention

Bilingual annual theme with dual-framework NIST AI RMF + EU AI Act + ISO/IEC 42001 readiness. Pilot in the engineering team, wave to supply chain + quality.

Indicative result

Typical pattern: local AI Policy aligned with regional HQ global policy. ISO/IEC 42001 readiness audit run in year two with specific follow-up recommendations.

Procurement Info

Procurement information

  • Contract format
    Structured annual theme (renewable). Multi-year engagement with an SOW agreed per year. Optional ISO/IEC 42001 path in year two.
  • Location
    Onsite at the client office (Greater Jakarta with no added transport fee), regional onsite, or hybrid (onsite kickoff + bi-weekly online sessions).
  • Delivery language
    Bahasa Indonesia (default) or bilingual ID/EN for multinational enterprises and SOEs with global reporting.
  • Materials & participant certificates
    Structured modules, bilingual workbook, AI Policy + AI Risk Assessment + Acceptable Use + Vendor Security Review templates, 12-month alumni resource hub access, internal AI Governance Practitioner certification.
  • Tax & e-procurement documentation
    PPN tax invoice, official receipt, BAST. SOE/government e-procurement (SPSE LKPP) supported. SBM K/L envelope for ministries and agencies.
  • Payment terms
    20% deposit on contract, 30% milestone per wave (3x), 20% balance after year-one capstone.
  • Optional add-ons
    Personal coaching for Chief Legal/CISO (separate package), quarterly executive briefing for the board (90 minutes), per-use-case AI Risk Assessment audit (manday basis), ISO/IEC 42001 readiness audit.

Discuss your organization's Safe AI Adoption theme design

Share your organization size, current AI exposure (vendors, use cases, regulated sector), and the governance challenge you face. The Neksus team studies your context and returns an annual theme design within 5 business days.

  • Four integrated pillars (policy · register · technical controls · governance capability) under four executive sponsors
  • 30-day pilot → 90-day wave → 12-month org-wide
  • AI Policy + AI Use Case Register + AI Risk Assessment aligned with NIST AI RMF + NIST AI 600-1 + UU PDP
  • Technical controls based on OWASP LLM Top 10 + MITRE ATLAS + NIST SP 800-53
  • Optional ISO/IEC 42001:2023 and EU AI Act readiness paths in year two