AI is already embedded across healthcare systems – driving clinical decision support, administration, triage, documentation, and procurement workflows. In many cases, it has arrived faster than the governance structures designed to oversee it.
Standards such as ISO/IEC 42001, ISO/IEC 23894, ISO/IEC 38507, and national clinical safety frameworks define what good looks like.
But in practice, AI is being introduced into complex clinical systems faster than governance models are being translated into operational workflows. Many organisations are struggling with the question of what they need to do, day to day, to make this real.
To address this issue, we’ve designed the DPM AI Governance Toolkit — a practical operating model that connects high-level compliance to day-to-day organisational decisions.
From standards to something organisations can run with
In our work with healthcare organisations over the past year, a consistent pattern has emerged:
- Fragmented accountability: responsibility for AI decisions sits with nobody in particular
- Blind procurement: AI systems are being procured without adequate pre-deployment review
- Delayed safety inputs: clinical safety is not being considered early enough in the process
- “Set and forget”: there is no structured process for monitoring AI performance after go-live
- Competence and confidence: teams lack the confidence — and often the training — to challenge or escalate concerns.
Individually, these issues are familiar. Collectively, they represent a governance gap that compounds as AI adoption scales.
Operationalising AI governance standards
We’ve designed the DPM AI Governance Toolkit to operationalise AI governance standards into a structured, usable governance system for both healthcare providers and AI manufacturers working in health markets.
It is not a reference library. We have seen too many governance initiatives that mistake documentation for governance.
Instead, it provides a set of working governance artefacts to give organisations and their teams what they need to govern AI in a way that is consistent, accountable, and proportionate to the risk involved.
It includes:
- AI Governance Policy — available in separate versions for health organisations and for manufacturers, so the policy reflects the context and obligations that are actually relevant to you
- AI Governance Committee Terms of Reference — defining purpose, membership, decision-making authority and meeting cadence so that governance has a legitimate home within the organisation
- RACIs for all toolkit processes — making clear who is Responsible, Accountable, Consulted and Informed at every stage, because accountability without clarity is just aspiration
- AI System Register — a structured inventory for tracking every AI system in use or under consideration across the organisation
- AI Impact Assessment — integrating safety, risk, ethical and operational dimensions into a single structured evaluation
- Supplier Evidence Review Checklist — giving procurement and governance teams a consistent framework for evaluating what manufacturers have actually provided and whether it is sufficient
- Go-Live Checklist — ensuring that the conditions for safe deployment have been met before an AI system is switched on
- AI Monitoring Plan — for structured, ongoing assurance after deployment, including performance, safety signals and real-world outcomes
- Change Impact Assessment — supporting the governance of changes, modifications and fixes to AI systems already in use, so that every significant change goes through the same rigour as initial deployment
- A set of SOPs to support delivery of the toolkit — the operational procedures that sit behind each process, so that teams know not just what to do but how to do it
Each component is designed to work as part of a connected system — integrating with quality management, clinical safety, procurement and board-level assurance — rather than creating a parallel system that nobody has time to maintain.
A practical seven-step process
At the centre of the toolkit is a structured seven-step lifecycle designed to reflect how AI systems are introduced and managed in healthcare settings:

Designed for providers and manufacturers
The toolkit is intentionally designed to support both sides of the digital health ecosystem.
For healthcare organisations, it offers a pathway to move from policy intent to operational control.
For manufacturers, it demystifies the governance expectations that customers are increasingly required to meet. By using tools like the Supplier Evidence Review Checklist preemptively, manufacturers can match the assurance that procurement and clinical safety teams are expected to evidence before deployment decisions are made.
As regulatory expectations evolve and procurement scrutiny increases, the ability to demonstrate governance maturity is becoming a differentiator in adoption decisions, not just a tick-box compliance requirement.
Now is the time
AI adoption in healthcare is now operational, and this shift has changed the nature of governance. It is no longer sufficient to rely on high-level frameworks or retrospective audits.
Governance must function continuously, across the full lifecycle of AI systems that are dynamic, adaptive, and embedded in critical clinical workflows.
The organisations we have worked with have consistently highlighted the same need: something practical that bridges the space between standards and implementation.
That is what the DPM AI Governance Toolkit is intended to provide.
If you’re interested in it, please get in touch: hello@dpmdigitalhealth.co.uk

