
01) Does your organisation have a documented AI Policy?

September 11, 2024
Artificial Intelligence
Internal AI application
Small Framework

Answer yes if Machine Learning or Generative AI models are used anywhere within your organisation. This includes the use of AI features or capabilities embedded in your supplier’s services or any SaaS tools your people use (e.g. Google Gemini or Microsoft’s Copilot). Unless it has been specifically prohibited and the restriction technically enforced, it is likely that AI is being used somewhere within your organisation and you should answer yes to this question.

What is it?

An Artificial Intelligence (AI) Policy defines your organisation’s rules and expectations for the responsible use and management of AI tools and technologies. AI introduces new and unique risks, including confidential data leakage, bias, misuse of generative AI tools, and reliance on unverified outputs. An AI Policy outlines your organisation’s objectives for AI use, how sensitive data must be handled within these systems, and the safeguards in place to prevent harm, misuse, or regulatory non-compliance.

Why should I have it?

An AI Policy provides assurance that AI tools and technologies are fully integrated into your organisation’s governance structure, as with other critical policies. It provides assurance to clients and stakeholders that your organisation is aligning with emerging regulations and industry best practices for AI governance and security, reducing the risks of doing business with you.

It also gives your leadership and board confidence that your own data is being managed securely, avoiding unnecessary legal, regulatory, or reputational exposure. At the same time, it reassures clients that their sensitive data will not be misused, exposed, or leveraged in ways that could cause negative outcomes or reputational damage.

How to implement the control

It is important to develop an AI Policy that reflects your organisation’s specific use of AI tools and technologies. Ideally, the policy should align with recognised AI security or governance frameworks, such as the NIST AI Risk Management Framework or the EU AI Act, as well as industry-specific standards relevant to your sector.

You may seek the assistance of specialist consultancies or independent advisors to help craft an AI Policy that meets your business requirements.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
