AI Codex
Business Strategy & ROIHow It Works

How to get IT to approve your Claude rollout

In brief

IT isn't the enemy of your Claude rollout — they're the ally you haven't briefed yet. Here's exactly what IT needs to see before they can say yes, and how to give it to them without triggering a six-month procurement cycle.

8 min read·Claude Plans

Contents

Sign in to save

You want to roll out Claude to your team. You know it would save time, improve quality, and make your team more capable. You've already used it yourself. It works.

Then IT gets involved — and the timeline stretches, the questions multiply, and the rollout that should have taken two weeks is now in a review cycle with no clear end date.

This is not an IT failure. It's a briefing failure. IT directors like James aren't trying to slow you down. They're trying not to be the person who approved the tool that caused a data incident six months later. Give them what they need to say yes, and they'll say yes.

Here's exactly how to do that.

What IT is actually worried about

IT's concerns aren't about AI in general — they're about three specific risks:

1. Data handling. Where does the data go? Does Anthropic train on your company's inputs? Can employees accidentally upload confidential customer data, and if so, what happens to it?

2. Access and authentication. Who in the organization has access? How are accounts provisioned and deprovisioned? If an employee leaves, does their Claude access get revoked automatically through your SSO, or does someone have to remember to manually disable it?

3. Policy and governance. Is there a usage policy? Who's responsible for it? What happens when someone misuses it?

These are reasonable concerns. The mistake most people make is trying to answer them in a hallway conversation. Answer them in writing, in advance, in a format IT can file.

The security answers IT needs

Before you send anything to IT, know these answers cold.

On data training: Anthropic does not use inputs and outputs from Claude API or Claude for Work (formerly Team/Enterprise plans) to train models. This is documented in Anthropic's data usage policy. Usage from free or Pro personal plans may be used for training if opted in, but those are personal accounts — not what you're deploying.

On data retention: By default, Anthropic retains conversation data for a period defined in their privacy policy (check the current policy for exact windows, which have changed). Enterprise contracts can negotiate zero retention.

On data residency: Anthropic processes data in the US. If your organization has EU data residency requirements, this needs to be addressed in the contract, not in the tool evaluation.

On confidential data: If employees are uploading customer contracts, internal financials, or regulated health data, your usage policy needs to address what's permitted. The tool itself doesn't know what's sensitive — that's a governance question, not a product question.

On SSO: Claude for Work supports SSO through SAML/OIDC. Admin-provisioned accounts can be managed centrally. Deprovisioning flows with your IdP (Okta, Azure AD, etc.) can be configured.

Print these answers out before your IT conversation. James will have heard most of these questions before and will be relieved you came prepared.

The one-page IT brief

IT responds to documents, not conversations. Write a one-page brief — no more — with these five sections:

1. What you're deploying
"Claude for Work — Anthropic's business tier. Team plan for initial pilot with [N] users in [department]."

2. Use cases
"[Your team] will use Claude for [specific tasks: drafting customer communications, summarizing call notes, preparing quarterly reviews]. We will not use Claude to process [excluded data types]."

3. Data handling
Copy the relevant answers from the section above. Two to three bullet points.

4. Access and governance
"[Name] will administer the account. Provisioning/deprovisioning via [your IdP]. [Department] will operate under [usage policy link or attachment]."

5. What you're asking for
"Approval to deploy Claude for Work to [N] users in [department] for a 60-day pilot. We'll report back on [date] with usage data and any issues."

One page. If it's longer than one page, you're including things IT didn't ask for. Keep it short.

The conversation you'll have

Most IT reviews have a standard path:

They'll ask about security certification. Anthropic holds SOC 2 Type II certification. If James asks, the answer is "yes, SOC 2 Type II, available on request."

They'll ask about the vendor review process. If your company has a formal vendor review (security questionnaire, privacy review), complete it. Don't try to skip it. Attempting to work around the process will create more friction than the process itself.

They'll ask who's responsible. Have a named person ready. "I'm the business owner. [IT contact] will be the technical point of contact for the account." Shared ownership makes IT feel better because there's a clear escalation path.

They'll ask about the timeline. Don't push for a 48-hour turnaround. Ask for a decision within two weeks, and offer to answer any outstanding questions within 24 hours. Giving IT room to do their job properly gets you a faster yes than pressuring them.

The thing not to say

Don't say "it's just the web app, everyone can already use it personally." That's technically true but it signals to IT that you're trying to avoid governance, not work with it. The moment IT feels like someone is trying to route around them, the review gets harder.

What to say instead: "We want to do this the right way, under a managed account with proper governance. That's why I'm here."

What to do before they say yes

Two things to prepare while the review is in progress:

Draft the usage policy. Even a simple one. "Employees may use Claude for [permitted uses]. Employees should not upload [restricted data types]. Questions go to [name]." This shows IT the governance piece is handled, not assumed.

Identify your early adopters. The people who will actually use the tool in the first month, who will troubleshoot it when it's confusing, and who will generate the usage data you'll bring back to IT at the 60-day mark. You need 3-5 people who are genuinely motivated, not 20 people who were told to try it.

After IT says yes

When approval comes through, do three things:

  1. Set up the admin account and provision your early adopters through SSO.
  2. Send the usage policy to your team before they start — not after.
  3. Schedule the 60-day check-in on James's calendar now. The check-in is what converts a pilot into a permanent deployment. Without it, approvals expire quietly.

The organizations that get fast IT approval and build lasting AI programs don't have more permissive IT teams — they come to the conversation better prepared.

For the usage policy template, see the AI usage policy template. For what the full admin rollout looks like after approval, the Claude admin zero-to-one guide covers the next steps.

Further reading

Weekly brief

For people actually using Claude at work.

What practitioners are building, the mistakes worth avoiding, and the workflows that actually stick. No tutorials. No hype.

No spam. Unsubscribe anytime.

What to read next

Picked for where you are now

All articles →
update·6 min

What's new in Claude admin controls: groups, spend limits, and compliance

New April 2026 admin controls — user groups, spend limits, Compliance API — are the specific features IT will want to understand.

How It Works·5 min

AI usage policy template (copy, edit, send to legal)

The usage policy James needs to see before he approves — have it ready before the conversation.

Field Note·6 min

You've been asked to set up Claude for the company. Here's where to start.

After IT says yes, this is the step-by-step admin setup that follows.