At ProactiveRISK we help write policies and help businesses with people, process and technology.  The rapid growth of adoption of AI has put business and customer data at risk.  The primary failure is human convience. Since convenience is a quality of being suitable, practical, or designed to save time, effort, or ease your employees should be educated and that must start at the top.  If the management team embraces the AI gold rush, then the collective group can make business decision BEFORE a incident.

=========
INTRODUCTION
This policy outlines the guidelines and procedures for the use of Artificial Intelligence (AI) within our business to ensure ethical, legal, and secure application.
Policy Purpose
To define the acceptable use of AI technologies within the business and to protect against potential risks associated with AI use.
Scope
This policy applies to all employees, contractors, partners, and stakeholders who use or interact with AI technologies on behalf of the business.

Definitions

• Artificial Intelligence (AI): Techniques and tools that enable machines to simulate human intelligence.
• Generative AI: AI techniques generating new, original data.
• Approved AI Tool: AI tools with which the business has a contractual relationship ensuring confidentiality and compliance.
• Unapproved AI Tool: AI tools without a formal legal relationship with the business; only public information may be shared.

General Guidelines

1. Use Approved AI Tools: Employees must use only the AI tools approved by the business for any work-related activities.
2. Data Protection: Ensure that non-public business data is not inputted into unapproved AI tools to prevent unauthorized access and learning.
3. Access Control: Implement and follow least privilege and role-based access controls when using AI tools.
4. Ethical Use: AI tools must be used ethically, avoiding any actions that could be harmful, discriminatory, or illegal.

Roles and Responsibilities

• Chief Information Security Officer (CISO):
  • Maintain and update the list of approved AI tools every 90 days.
  • Ensure AI tools meet security standards and protocols.
• Data Protection Officer (DPO):
  • Keep the organization updated on relevant AI legislation and regulations.
• Employees:
  • Use AI tools in compliance with this policy and data protection regulations.
  • Report any breaches or misuse of AI tools.

Risk Management

• Risk Assessment: Conduct regular risk assessments to identify and mitigate potential AI-related risks.
• Risk Acceptance: Only designated executives can grant written exceptions for AI tool use.

Compliance and Enforcement

• Monitoring: Regularly monitor AI tool usage to ensure compliance with this policy.
• Violations: Employees violating this policy may face disciplinary action, up to and including termination.
• Reporting: All breaches or policy violations must be reported immediately. Retaliation against those reporting violations is strictly prohibited.

Procedures
Approval Process for AI Tools

1. Submission: Employees or departments must submit a request for approval of new AI tools to the CISO.
2. Evaluation: The CISO will evaluate the tool for security, compliance, and suitability.
3. Approval: If approved, the tool will be added to the list of approved AI tools.

Using AI Tools

1. Access: Employees must use their official business identity to access AI tools.
2. Data Input: Only public information should be inputted into unapproved AI tools.
3. Data Handling: Follow certified data handling procedures for approved AI tools to ensure data protection.

Reporting and Handling Breaches

1. Reporting: Report any suspected breaches or misuse of AI tools to the CISO or DPO immediately.
2. Investigation: The CISO will investigate reported breaches and take appropriate action.
3. Remediation: Steps will be taken to mitigate the impact of the breach and prevent future occurrences.

By following this policy and procedure, our business aims to utilize AI technologies effectively while safeguarding our data, systems, and ethical standards.
=================

This is a rapidly evolving space check back soon for updates to this DRAFT or contact us for more information.

To ensure that all data remains internal and is never shared with a third party, you can use open-source AI tools and frameworks that can be run entirely on your local infrastructure. Here are some AI tools and platforms that meet this criterion:

Machine Learning Frameworks

1. TensorFlow:
   • Open-source framework developed by Google.
   • Supports a variety of machine learning and deep learning tasks.
   • Can be run on local servers or internal cloud infrastructure.
   • Website: TensorFlow
2. PyTorch:
   • Open-source machine learning framework developed by Facebook's AI Research lab.
   • Widely used for deep learning applications.
   • Can be run entirely on local hardware.
   • Website: PyTorch

Generative AI Models

1. GPT-Neo/GPT-J by EleutherAI:
   • Open-source alternatives to OpenAI's GPT-3.
   • Models can be downloaded and run on local servers.
   • Suitable for text generation tasks.
   • GitHub: GPT-Neo, GPT-J
2. BERT:
   • Bidirectional Encoder Representations from Transformers.
   • Pre-trained models available that can be fine-tuned for various NLP tasks.
   • Can be run locally.
   • GitHub: BERT
3. Hugging Face Transformers:
   • Library providing thousands of pre-trained models for NLP, vision, and more.
   • Models can be downloaded and used locally without sending data externally.
   • Website: Hugging Face

Data Processing and Analysis

1. Scikit-learn:
   • Open-source machine learning library for Python.
   • Includes simple and efficient tools for data mining and data analysis.
   • Can be run entirely on local infrastructure.
   • Website: Scikit-learn
2. Apache Spark:
   • Open-source unified analytics engine for large-scale data processing.
   • Can be run on local servers or a private cluster.
   • Website: Apache Spark

Computer Vision

1. OpenCV:
   • Open-source computer vision and machine learning software library.
   • Provides a common infrastructure for computer vision applications.
   • Can be run entirely on local machines.
   • Website: OpenCV
2. YOLO (You Only Look Once):
   • Real-time object detection system.
   • Models and code can be run on local servers.
   • GitHub: YOLO

Deployment and Containerization

1. Docker:
   • Platform for developing, shipping, and running applications inside containers.
   • Ensures the application runs in the same environment.
   • Can be used to deploy AI models locally.
   • Website: Docker
2. Kubernetes:
   • Open-source system for automating deployment, scaling, and management of containerized applications.
   • Can be used to manage AI workloads on local or private cloud infrastructure.
   • Website: Kubernetes

This blog post is a work in progress.. if you have something that you would like to add please contact me I would love to include it. - Tom
​