GenAI Policy design
Implement Generative AI Policy and policy implementing procedures in your organization. Ensure safe and secure use of generative AI to boost productivity for your employees, mitigating data privacy, reputation, IP infringement and other related risks at the same time.
Your business challenges
“Without a proper policy in place, enterprises are likely to become more susceptible to data breaches and other security compromises without the appropriate governance in place over the use of AI-enabled tools. However, a recent ISACA study on generative AI found that only 10% of organizations have formal, comprehensive policies in place for generative AI.”
Mary Carmichael, CRISC, CISA, CPA, Member of ISACA Emerging Trends Working Group.
Our Solution
Are you a medium or large business concerned about cybersecurity and privacy risks posed by uncontrolled usage of generative Al tools like ChatGPT, Bard, and others?
While you may have ISO9K, 27K, or other certifications with relevant policies and procedures already in place, field experience suggests that most users find it hard to apply them to the latest generative Al tools.
Our standard delivery process:
- 2 months engagement.
- Review of existing policies (documentation-based) and feedback collection about the Generative Al Model Policy.
- Prepare and discuss customized Model Policy and supplementary procedures created based on assessment phase data.
- Final presentation to the customer.
Generative Al Model Policy
What it is?
It is a proprietary reference policy prepared by Squalio and intended as a generalized baseline policy version that should be customized for each implementing entity and augmented by required implementing procedures.
- Available free of charge, licensed under Creative Commons Attribution-Share Alike 4.0.
- Implements the following core principles of responsible use of Al:
- Whitelist - allowed are only tools explicitly whitelisted
- No company identifiers when registering for private GenAl accounts
- Human in the loop - results output from GenAl tool must be validated before use
- Transparency and disclosure
- The word "Model" refers to the intended use of this document - serves as a baseline, to be customized when implemented at every organization. Not to be confused with Al models.
Engagement checklist and structure
1. Kick off
- Meeting with the customer team to align on project goals, deliverables, and timeline
2. Prepare
- The customer collects and submits org chart, relevant existing policies, and process descriptions
- Squalio reviews submitted information and maps to Model Policy identifying likely changes required
- Customer reviews Generative Al Model Policy and prepares customization requests
- Meeting with the customer team to agree on core GenAI principles for customized policy, and discuss any open questions before policy and procedures could be drafted (2 hours)
3. Create
- Squalio prepares drafts for customized policy and implementing procedures
- The customer reviews drafts and submits proposals to Squalio
- Review meeting with customer team to review required adjustments and discuss any open questions (2 hours)
- Squalio adjusts policy and procedures texts according to review meeting
4. Present
- All-hands meeting to present the final version of customized policy and procedures (1 hour)
- Key principles embedded into documents explained
- Recommendations for next steps
Your benefits and deliverables
Deliverable:
- GenerativeAI Policy:
- Based on our Generative AI Model Policy
- Customized according to customer environment
- Policy implementation procedures
- Based on customized GenerativeAI Policy
- Provides further details hot to implement processes referenced from the Policy (e.g. how to evaluate generative AI services when responding to request for access etc.)
Benefits:
- Enable employees to use latest generative AI products in safe and secure way
- Reduced risks for company – data privacy, reputation, IP infringement etc.
- Roles and responsibilities clearly defined
- Building on top of our Generative AI Model Policy, customized policy version for your company environment and specific procedures added for policy implementation.
We are ready to tell you more
