Skip to content
Max Solutions Tech
Readiness

AI Readiness in 90 Days: A Practical Checklist

Readiness is not a feeling — it is a set of conditions you can verify. This is the 90-day checklist we use to take an organization from AI ambition to a defensible first build, across data, governance, security, talent, and value.

4 min read
Back to Insights

"Are we ready for AI?" is usually asked as a feeling and answered with a hope. It should be neither. Readiness is a set of conditions you can check — and most of them can be established, or honestly ruled out, in about 90 days.

This is the checklist we work through. It is organized into five readiness pillars and three phases. The goal at the end is not a model in production; it is a defensible decision to build a specific thing, with the conditions for success already in place.

The five pillars of readiness

Readiness fails unevenly. An organization can have excellent data and no governance, or a clear value case and no one to own the system. Check all five — a single weak pillar is where programs stall.

1. Value

  • A named, ranked shortlist of use cases — not a wish list, a priority list.
  • For the top candidate: who benefits, by how much, and how you will measure it.
  • A baseline metric captured before anything is built, so improvement is provable.
  • A clear answer to "what happens if we do nothing?" — the cost of inaction.

2. Data

  • The data the top use case needs actually exists and is reachable.
  • Its quality is known, not assumed — completeness, freshness, and accuracy are measured.
  • Ownership and lineage are documented: who is accountable for each source.
  • Access is permitted for the intended purpose, in writing, not just in principle.

3. Governance

  • A decision owner for the use case — one accountable person, not a committee.
  • A written policy for acceptable use, human oversight, and escalation.
  • A record of how decisions the system influences will be logged and reviewed.
  • Alignment with the regulations and standards your sector is actually held to.

4. Security

  • A threat model for the system: what could go wrong, and who it would harm.
  • Data classification done — you know what is sensitive before it moves.
  • Controls specified for access, secrets, and the model's inputs and outputs.
  • A plan for auditing and monitoring the system once it is live.

5. Talent and ownership

  • A named team that will own the system after launch — not just build and leave.
  • The skills gap is honestly assessed and a plan exists to close it.
  • Executives understand the system well enough to sponsor and defend it.
  • The people whose work it changes have been involved, not surprised.

The 90-day path

Phase 1 — Days 1–30: Frame and baseline

Establish the value pillar and start the data pillar. Run a focused discovery: interview the people closest to the problem, rank candidate use cases, and pick one to pursue. Capture the baseline metric now — you cannot prove improvement you never measured. Write the one-paragraph thesis: this use case, worth this much, carrying this risk.

Phase 2 — Days 31–60: Verify and de-risk

Pressure-test the assumptions. Confirm the data is real, reachable, and good enough. Build the threat model and classify the data. Draft the governance policy and name the decision owner. By the end of this phase you should know not whether AI could help in theory, but whether this build will work in practice.

Phase 3 — Days 61–90: Decide and specify

Convert verified readiness into an architecture an engineering team can build — system design, data flows, and controls, before a line of code. Make the build/no-build decision explicitly, in front of the people accountable for it. If a pillar is still weak, you now know exactly which one, and whether it is fixable or fatal.

A 90-day readiness sprint that ends in a confident "not yet" has done its job. It is far cheaper than a build that discovers the same truth six months and a budget later.

How to use this checklist

Score each pillar honestly: green where the condition is met, amber where it is in progress, red where it is missing. A use case with any red pillar is not ready — it is a list of risks waiting to surface during the build.

The point of readiness is not caution for its own sake. It is to make the first build boringly likely to succeed, because every condition it depends on was verified before anyone wrote code. That is what turns AI ambition into an outcome instead of an experiment.

ai-readinessgovernancedatachecklist

Related reading

Thesis → System

Bring the ambition. We bring the thesis and the system.

Whether you need a board-ready AI strategy or a secure system shipped to production, the engagement starts the same way — one conversation about where you want to lead.

Book a working sessionScope your build