Enterprise Productivity AI Governance
AI overlays on enterprise productivity tools (M365 Copilot, Salesforce Einstein, Glean) and standalone productivity AI (Notion AI, Otter.ai). Scored on cross-cutting governance axes with sector overlays scored N/A unless the vendor positions vertically.
Why this sector view
Productivity AI is where shadow-AI risk is highest — staff adopt consumer-tier tools (Notion AI, Otter, ChatGPT Plus) without governance review, and the vendor posture doesn't always support regulated workloads. Composite uses baseline weights since these vendors are general-purpose; the BAA gap is the #1 deployment risk.
Primary frameworks anchored
- NIST AI RMF 1.0
- SOC 2 Trust Services Criteria
- HIPAA BAA (for vendors handling PHI workflows)
- Colorado AI Act (cross-cutting)
- Subprocessor transparency standards
| # | Vendor | Score | Grade | BAA | Training opt-out | US Res | SOC 2 | ISO 42001 | NIST AI RMF | Colorado AI Act | §1557 | SR 11-7 | ABA 512 | Subprocessor transparency | Trust center |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft 365 Copilot | 75 | B | Yes | Yes | Yes | Yes | Partial | Partial | Partial | Partial | Partial | Partial | Yes | 5/5 |
| 2 | Salesforce Einstein / Agentforce | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | Partial | Partial | N/A | Yes | 5/5 |
| 3 | Glean | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 4 | Notion AI | 33 | F | No | Partial | No | Yes | No | No | No | N/A | N/A | N/A | Yes | 3/5 |
| 5 | Otter.ai | 25 | F | No | Partial | No | Yes | No | No | No | N/A | N/A | N/A | Partial | 2/5 |
Buyer's guide for this sector
For enterprise productivity AI, the highest-leverage axes are BAA availability (separates regulated-deployable from consumer-only), training opt-out default, subprocessor transparency, and trust-center maturity. The biggest deployment risk we see across audits: consumer-tier productivity AI (Notion, Otter, ChatGPT Plus) entering regulated data flows without a BAA path.
Operationalize the scoring
Operator-vs-Advisor-vs-Platform Comparison
The Index tells you which vendors clear the bar. The companion resource tells you how to turn that selection into a deployable governance program with documented evidence.
Scoring as of 2026-05-13 from public information (vendor trust portals, BAAs, SOC report cover pages, model cards, vendor documentation). Posture changes frequently; re-verify with the vendor's trust center before contract.