Table of contents

Executive summary

Foreword

Chapter 1. AI and Software Engineering

Chapter 2. Common threats of AI for organizations

DOWNLOAD THE FULL GUIDE

Chapter 3. Compliance

Chapter 4. AI-readiness guide

Download your free guide to AI readiness 

Our AI readiness guide equips organizations with practical steps to navigate AI's challenges and seize opportunities. 

A total of 19 steps are discussed, across four key areas of the organization:

  • The board 
  • Governance, Risk, and Compliance (GRC) 
  • Security (CISO) 
  • IT – including development (CTO)

Key recommendations

  • Take accountability
    Establish an AI management system to oversee AI across business, ethics, and legal perspectives, supported by policies, defined roles, and continuous upskilling.

  • Treat AI as software
    Apply standard software development best practices, including security management and rigorous quality control. 

  • Assume attacks and minimize impacts
    Prepare for AI failures by limiting data collection, implementing oversight, and adopting a zero-trust approach with continuous validation.  

AI readiness isn't just about technology—it’s about leadership and accountability. This guide provides essential insights into how to get started and stay ahead in a rapidly evolving AI landscape.

DOWNLOAD THE FULL GUIDE

AI statistics you cannot afford to ignore

We are Software Improvement Group

Software Improvement Group (SIG) leads in traditional and AI software quality assurance. Empowering organizations to become more resilient and agile by guiding them to enhance their software quality and security through deep source code analysis and tailored, strategic advice.  

Sigrid® - its software assurance platform - leverages the world’s largest database of over 270 billion lines of code across more than 20,000 systems in 300+ technologies, and intelligently recommends the most crucial initiatives for organizations.  

SIG was founded in 2000 and has offices in New York, Copenhagen, Brussels, and Frankfurt, and is headquartered in Amsterdam.    

Sigrid®, together with expert software engineering consultants, and nearly 25 years of industry-leading research, position SIG as the foremost authority on software excellence.

24

YEARS OF EXPERIENCE

20K+

SYSTEMS EVALUATED

300+

TECHNOLOGIES

270+

BILLION LINES OF CODE ANALYZED

Laurie Cunningham, CTO at Terraquest

Software Improvement Group’s first-class guidance aided us greatly. Our maintenance costs are lower, development is more efficient. One of the many benefits has been the reduction of our technical debt by 20%.

Anthony Fitzpatrick, VP of Engineering at Kallidus

We’ve significantly enhanced our expanding software portfolio’s quality, slashing maintenance costs by 400%, effectively mitigating open-source security risks, and allowing us to make better-informed investment decisions.

Joe Bohman, Executive Vice President at Siemens Digital Industries Software

Making sure your product is secure, protected, and compliant throughout the entire lifecycle, from design to end-of-life, has become truly business-critical. This partnership with SIG offers strong support for cybersecurity.

<<>>

Unlock AI readiness today

A pragmatic guide for leaders to navigate AI implementation responsibly and at scale.

By clicking 'Download the guide', you'll receive occasional communications from us. You can opt out at any time. For more information, visit our privacy policy.

AI Principal Expert, SIG
Leading AI Author, EU AI Act
ISO 5338 Standard

Rob van der Veer

AI Readiness Guide

Find out how AI-ready your organization is today

Take our free and short 25-question assessment to identify where your organization stands currently, identify areas for improvement, and get actionable advice on how to do so.

AI readiness guide 
for organizations

by Rob van der Veer

Senior principal expert AI at SIG, and author of AI standards including ISO/IEC 5338 and the EU AI Act security standard.

AI Principal Expert, SIG
Leading AI Author, EU AI Act
ISO 5338 Standard

by Rob van der Veer

AI Readiness Guide

Chapter 1: AI and software engineering

1. AI and software engineering

What is AI?

Use case 1: Using AI to help create code

Use case 2: Developing an AI-system

Demystify AI’s role in engineering, explore how AI can drive software development without compromising security and quality. Learn about real-world AI use cases, from code generation to AI system development.

2. Common threats of AI for organizations

AI's opportunities and risks

Key threats

AI system quality issues

Chapter 2: Common threats of AI for organizations

Discover the hidden risks AI poses to organizations, from cybersecurity threats to reputational damage. Learn the most common threats organizations face today, including bias, data issues, and governance challenges, with practical steps to mitigate them.

DOWNLOAD THE FULL GUIDE

4.1 The board

Step 1: Attain Basic Understanding of AI in the board

Step 2: Assign Roles and Responsibilities

Step 3: Build on Existing Practices

Step 4: Form a multidisciplinary AI committee

Chapter 3: Compliance

Ensure your AI initiatives meet global regulatory standards. This chapter provides an essential guide to navigating the complex AI compliance landscape, including key regulations like the EU AI Act, U.S. legislation, and includes an overview of relevant ISO/IEC standards.

3. Compliance

Trends and themes in AI regulations

European AI Act

US AI legislation and principles

ISO/IEC standards

Chapter 4.1: The board

Set the foundation for AI success at the highest level. This chapter guides board members through the critical steps to ensure AI aligns with business goals, ethics, and legal requirements. Learn how to assign roles, build on existing practices, and form a multidisciplinary AI committee to lead your organization’s AI transformation.

Board

GRC

CTO

CISO

Setup an AI management system

4.2 GRC

Step 5: Identify relevant laws and regulations

Step 6: Create and maintain an inventory of AI applications

Step 7: Evaluation of AI applications 

Step 8: Communicate evaluation results 

Step 9: Create and implement AI policies

Step 10: Upskilling and creating a learning organization

Step 11: Stakeholder communication

Step 12:  Implement and improve AI readiness program 

Chapter 4.2: Governance, Risk, and Compliance (GRC) 

Implement an effective AI management system that ensures compliance and mitigates risk. This chapter explains how to create a robust AI governance framework, inventory AI applications, and enforce policies that protect data and uphold transparency, helping you stay compliant with regulations like the GDPR and EU AI Act.

4.3 CISO

Step 13: Incorporate AI Security Threats and Controls

Step 14: Incorporate security attacks by AI 

Step 15: Collaborate with GRC 

Step 16: Collaborate with the CTO 

Chapter 4.3: CISO

Strengthen your security protocols to protect against AI-specific threats. This chapter provides security officers with practical strategies to extend existing security measures to AI systems, from securing AI models and data to preventing attacks and breaches.

4.4 CTO

Step 17: Incorporate AI into the system lifecycle

Step 18: Manage AI-supported programming

Step 19: Organize a community of practice for AI development

Chapter 4.4: IT & Development (CTO)

Integrate AI into your existing IT and development processes. This chapter offers practical steps for CTOs and IT leaders to manage AI development, minimize technical debt, and ensure AI systems are secure, scalable, and aligned with the organization’s long-term strategy.

DOWNLOAD THE FULL GUIDEDOWNLOAD THE FULL GUIDEDOWNLOAD THE FULL GUIDEDOWNLOAD THE FULL GUIDEDOWNLOAD THE FULL GUIDEREAD MORE

Lead author: Rob van der Veer

Rob van der Veer has more than 32 years of experience in AI, as researcher, data scientist, programmer, hacker, and CEO. Rob established the security & privacy practice and the AI practice at Software Improvement Group (SIG). He is also the co-founder of OpenCRE a platform that harmonizes security standards and guidelines into a single online resource.  

Rob is the main author of the ISO/IEC 5338 standard on AI engineering, the co-editor for the AI Act security standard, and he open sourced the global discussion on AI security by founding the OWASP AI Exchange and the liaison partnership with international standards.

AI readiness guide for organizations

Practical steps for leaders to implement AI in organizations, focusing on AI governance, risk management, development, and security.