The same ticket, a different blast radius
Two messages land in the internal queue within a minute of each other. The first: "I can't get on the VPN from home." The second: "I want to file a complaint about my manager and I don't want HR knowing it was me yet." Both are short. Both are "an employee needs help." A general assistant reading topic alone will happily draft a confident answer to each. One of those drafts saves a help desk tech four minutes. The other one, if it goes out the way an assistant would phrase it, can become a legal exposure before lunch.
That asymmetry is the entire reason internal employee support is a harder routing problem than customer support. With customers, a wrong answer is usually a refund or an annoyed email. Inside a 50-300 person company, the requester is a person with an identity group, an entitlement set, a manager, a salary band, and protected status under employment law. The routing decision isn't "what is this about" — it's "who is asking, what are they allowed to see, and does this topic require a human owner before a single word goes out."
The adoption research from RSM, the San Francisco Fed, and the OECD all point the same way for companies your size: pick narrow, high-frequency workflows and instrument them, rather than buying a broad assistant and hoping. For employee help, the narrow win is obvious — "where do I find the PTO policy," "how do I expense a flight," "reset my SSO." The trap is letting the same surface that handles those reach for payroll disputes, leave-of-absence questions, accommodation requests, and access escalations.
Draw the line where employment law and access control live
Here is a clean way to split the work. ChatGPT Business is genuinely good at one job here: turning your existing handbook, IT runbook, and benefits summary into fast, plain-language answers for questions that have a published, non-sensitive answer. OpenAI describes ChatGPT Business as a managed team workspace with admin controls, and its enterprise privacy commitments matter when employee data is involved — but a privacy commitment from a vendor is not the same as a policy decision about what your people may type into it. That policy is yours to write, and it should be short and literal: handbook lookups, IT self-service, and benefits-summary questions, yes; anything naming a person, a salary, a medical situation, or a security exception, no.
Everything on the "no" side is where a custom workflow earns its keep, because the deciding factor is permission and protected status, not phrasing. A real routing layer classifies five things before it ever drafts: request category, requester's identity group, sensitivity tier, the source-of-truth system that owns the answer, and the escalation owner. "Grant me admin on the finance share" gets checked against entitlement rules and routed to an IT owner — never auto-approved in friendly language. A leave or accommodation question gets handed to a named HR person with an audit trail, not summarized by a bot that doesn't know the FMLA or ADA implications of the words it just generated.
Use the NIST AI Risk Management Framework to name the specific harms — wrong access granted, a confidential complaint mishandled, a confidently wrong benefits answer that an employee relies on — and use CISA's AI data-security guidance to decide what employee data can sit in the workspace at all, how long it's retained, and who can see it. The safe pattern for the sensitive tier is the same every time: retrieve with a citation to the governing policy, escalate protected topics to a human, and log who reviewed what. If a manager can't reconstruct, six weeks later, why a given employee got a given answer, you don't have a workflow — you have a liability with a chat box.
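The five-field classification and the cite, escalate, log pattern described above, as an added sketch that is not code from the original article. The keyword patterns, group names, source names and owner addresses are constructed placeholders, and the regex classifier stands in for whatever classifier you actually use.

```python
import re
from dataclasses import dataclass, asdict
from typing import Optional

TRIAGE_OWNER = "helpdesk-triage@example.test"  # placeholder human fallback
# category -> (sensitivity tier, source-of-truth system, escalation owner); all constructed
ROUTES = {
    "handbook_lookup": ("routine", "handbook", None),
    "it_self_service": ("routine", "it_runbook", None),
    "benefits_summary": ("routine", "benefits_summary", None),
    "access_request": ("restricted", "entitlement_system", "it-owner@example.test"),
    "protected_hr": ("protected", "hr_case_system", "hr-owner@example.test"),
}
# Which identity groups may read each routine source (constructed entitlement rule).
SOURCE_READERS = {
    "handbook": {"employee", "contractor"},
    "it_runbook": {"employee", "contractor"},
    "benefits_summary": {"employee"},
}
# Stand-in keyword classifier. Sensitive patterns come first so they win over topic.
PATTERNS = [
    ("protected_hr", r"\b(complaint|manager|salary|payroll|leave of absence|accommodation|medical|harass)"),
    ("access_request", r"\b(grant|admin|access to|permission|exception)\b"),
    ("it_self_service", r"\b(vpn|password|sso|reset)\b"),
    ("benefits_summary", r"\b(benefits?|401k|dental)\b"),
    ("handbook_lookup", r"\b(pto|policy|expense|handbook)\b"),
]
AUDIT_LOG = []  # one record per decision; message text is deliberately not stored

@dataclass
class Decision:
    requester: str
    group: str
    category: str
    tier: str
    source: str
    owner: Optional[str]
    action: str

def route(requester: str, group: str, text: str) -> Decision:
    lowered = text.lower()
    category = next((c for c, p in PATTERNS if re.search(p, lowered)), "unknown")
    # Unknown categories fall through to a human: deny by default.
    tier, source, owner = ROUTES.get(category, ("unclassified", "none", TRIAGE_OWNER))
    may_read = group in SOURCE_READERS.get(source, set())
    if tier == "routine" and may_read:
        action = "draft_with_citation"  # the drafted answer must cite `source`
    else:
        action, owner = "escalate_to_human", owner or TRIAGE_OWNER
    decision = Decision(requester, group, category, tier, source, owner, action)
    AUDIT_LOG.append(asdict(decision))  # who asked, what tier, who owns it
    return decision
```

Because the sensitive patterns are checked before the topic patterns, "where is the policy on leave of absence" lands with the HR owner rather than being answered as a handbook lookup.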
What to ship Monday, and what to count
Don't measure this with "tickets the bot handled." That number rewards exactly the wrong behavior — a system that answers a confidential complaint counts as a win and is actually your worst outcome. The numbers that tell the truth are safe deflection rate (routine questions resolved without a human), misroute volume, time-to-owner on escalated cases, reviewer override rate, and how often a protected topic correctly refused to auto-answer. Deloitte's 2026 AI research is most useful as a reminder that the gap between a demo and production value is exactly this kind of instrumentation.
Concretely, this week: pick one category with a published, non-sensitive answer — IT self-service password and VPN resets, or "where is the policy on X" handbook lookups — and put only that in ChatGPT Business with a written rule listing what employees may and may not enter. In parallel, write the routing table for the sensitive tier on a single page: category, who owns it, what must be checked first, and what gets logged. You do not need to build the custom workflow yet. You need the decision to exist so a curious assistant doesn't make it for you by accident.
Pair the employee helpdesk implementation guide with the AI Opportunity Score to see whether your knowledge sources are clean enough to retrieve from before you automate anything broader. Expand only when the owner of this workflow can say, in plain numbers, what improved in resolution time and how many sensitive requests reached the right human untouched. That sentence — not a usage dashboard — is the signal that you're ready for the next category.