Skip to main content

Deploying any new software application across an organization is a critical endeavor that demands a sound, structured approach. When the software in question is a large language model (LLM) or other generative artificial intelligence (GenAI) model, there are a few additional things to consider. We’ve identified 10 steps that can ensure a smooth roll-out.


Bring together representatives of the organizational functions that will be using the models. This means all the functions, not just the one that brought up the topic or the one with the largest headcount or the most clout. Once this GenAI ball gets rolling, everyone will want in. Better to anticipate that early and avoid making big changes when parameters have already been set. Make sure the group is big enough to be comprehensive, but small enough to make decisions and execute tasks–which means keep it to no more than 10 members, at most.


Identify the business needs and requirements that align with the current state of the organization and will support future roadmaps and identified strategic milestones; include immediate, medium-, and long-term needs. Agree on which of the organization’s foundational principles must be taken into account when considering adopting such new technology.  


Review the products available and meet with vendors to determine if the models align with your business requirements and use cases, and determine what the models can and cannot do for your organization. Depending on the industry and the organizational culture, deploying one large, general-use model, such as ChatGPT or BERT, might be the best option. Or a set of smaller, focused models that support specific teams, such as Legal, Finance, or Engineering, or that support a specific industry, such as healthcare or creative design, might be the better solution. Or, as more and more organizations are doing lately, develop an in-house model suited to and trained on your organization’s proprietary knowledge base. Request information about known vulnerabilities and other security issues. Ensure any relevant government regulations, industry safety standards, and organizational policies and practices will be addressed. 


After the decision to move ahead with one or more models has been made, draft a project timeline, allocate resources, and determine the budget. Confirm the model(s) will integrate seamlessly with the current digital security infrastructure. Identify changes and upgrades that need to happen before deployment, including those related to new or expanded risks the organization will face. Establish criteria and thresholds to assess the effect model usage has on productivity and other operational performance indicators.  


Communicate the plan, including the intent and benefits, to the wider stakeholder community. Depending on the situation, this information should reach the boardroom, as well as the basement. Invite their feedback and address their concerns.


This step requires not only crafting a program—which could be limited to online resources or documentation, or include hands-on workshops—that ensures the end users get the model-specific training they might need, but also:

  • Identifies the program’s alignment to organizational principles. 
  • Explains acceptable-use and other workplace policies relative to using the models. 
  • Identifies security issues and describes security protocols. 
  • Outlines the appropriate response(s) to potential security events. 


While not required in every instance, deploying new tools to a small, but representative group before a full-scale rollout is never a bad idea. It can provide valuable insight into technical issues, such as integration, scaling, speed, and compute resources, as well as user feedback regarding ease-of-use and overall utility. Just make sure you address and resolve any issues that arise.


Whether you choose to take a phased or full-scale approach, ensure the deployment schedule and other pertinent information is communicated clearly throughout the organization and that the support team or helpdesk is available from the start. 


To the degree that metrics are available, track and analyze organizational and individual usage and model performance, and assess the model’s effect on business activities. Observe the system continuously for and respond to unauthorized access attempts and potential security breaches—these can become painful very, very rapidly. Conduct regular assessments to determine if the technology or the education program require updating. Request, review, and respond to user or system feedback and integrate updated business requirements.


Always be prepared for unexpected challenges by maintaining a flexible and proactive mindset.

AI security