AI Policy
Scope
This policy (Policy) applies to the use of artificial intelligence (AI) by PROCESS 360 (Company) in the conduct and management of our business, partner relationships, and the delivery of products and services to our customers, to include this website, which was developed with AI.
NOTE: This is our public facing AI policy. The company maintains an ISO 42001 Artificial Intelligence Management System (AIMS), which includes both our customer facing products and services as well as our internal business services. This external AI policy is aligned with our AIMS Policy, although certain internal policy information has been redacted. Consistent with the AI roles defined by ISO 42001, and further explained in ISO 22989, PROCESS 360 acts as an AI Partner (AI Systems Integrator, AI Evaluator, and AI Auditor), and concurrently under the AI User roles.
Purpose
We use publicly available AI applications that are reviewed by the Company to enhance and optimize how we conduct business. We use reasonable criteria to ensure that our Responsible AI Principles are adhered to, and that we protect the interests of individuals, organizations, and society. We are particularly focused on ensuring the protection of privacy, intellectual property, and the accuracy of information. We recognize, as should everyone, that the use of AI can have unforeseen and unpredictable outcomes, and so we continuously re-assess our use of AI.
AI Policy
Acceptable Use: AI shall be used in a professional, ethical, and lawful manner. Users shall respect the rights of others and shall not use AI in any way that is illegal, harmful, interferes with the use of AI by others, or is otherwise inconsistent with the Responsible AI Principles adopted by PROCESS 360. AI programs shall not be used to produce or otherwise interact with information, images, files, or other digital content not related to company objectives, including obscene or potentially offensive content.
Privacy and Data Protection: AI shall not be used in a way that infringes upon individuals' privacy rights. The use of AI must comply with applicable privacy laws and regulations and with our company's Data Protection Policy. Users are prohibited from inputting personally identifiable information or sensitive business information into third-party AI applications. The application of the PROCESS 360 Data Classification Policy shall be strictly enforced.
NOTE: Customer content protected by non-disclosure agreements (NDAs) is not exposed to AI solutions, unless PROCESS 360 can ensure that all processing remains within our control. This is especially applicable to sensitive audit working documents and reports.
Security: Our system users are provided with access to PROCESS 360 owned AI platforms in accordance with their job responsibilities. As with all corporate technology systems and data, users must take all necessary precautions to prevent unauthorized access to AI and to protect the integrity and security of the platform(s). This includes protecting passwords and other access information, updating and patching software as required, and reporting any suspected security breaches immediately to a PROCESS 360 executive.
NOTE: All AI systems are subject to appropriate PROCESS 360 controls, consistent with the ISO 9001 (QMS), ISO 27001 (ISMS), and ISO 42001 (AIMS) scope statements.
Transparency: Where AI interacts with individuals, either internally or externally, it must do so in a transparent manner. Our system users must ensure that entities are aware when they are interacting with AI and what data the AI is collecting, processing, or using.
NOTE: This policy is part of our commitment to transparency.
Accuracy and Quality: Our system users must ensure that data used by AI is accurate, complete, and high-quality to the maximum degree possible and within the control of PROCESS 360. Inaccurate or poor-quality data can lead to incorrect or biased decisions in AI. Our system users are encouraged to also consider the context in which the output will be incorporated into business works for appropriateness and accuracy. All AI-produced works are subject to quality assurance review processes before incorporation into production data sets, product builds, or customer deliverables in accordance with the company's AI Management System (AIMS) and Quality Management System (QMS) policy, programs, and processes.
Fairness and Non-Discrimination: AI must not be used in a way that discriminates against or harms individuals or groups based on characteristics such as race, color, religion, sex, national origin, age, disability, or genetic information.
AI Use in Video Conferencing and Transcription Services: AI may support video conferencing services, to include transcription services. The Company is diligent to ensure that such capabilities are only used with consent, and that certain topics, especially during audit, may require temporary suspension of AI capabilities given the nature of the content being discussed. The Company maintains direct control over such records and recordings, and where appropriate elects to use the services of our clients and partners so that they might invoke controls deemed appropriate.
Training and Supervision: Users must undergo appropriate training before using AI for company purposes. The use of AI must be supervised by appropriately trained personnel who can understand and manage the risks associated with the use of AI.
Auditing and Monitoring: The use of AI will be subject to regular audits and ongoing monitoring to ensure compliance with this Policy and with other applicable laws, regulations, and other internal and external mandates. The use of AI may also be monitored for compliance purposes.
Intellectual Property: Users must respect the intellectual property rights. Unauthorized copying, distribution, or reverse engineering of AI, or through the use of AI is prohibited. Furthermore, employees and our direct independent contractors (ICs) are prohibited from using AI platforms to manipulate, alter, or otherwise reproduce copyrighted content for business purposes.
Violations
Disciplinary Process: Violations of this Policy may result in disciplinary action, up to and including termination of employment or contract, legal action, and/or reporting to relevant authorities.
Reporting: Violations of the Policy, whether intentional or accidental, shall be reported to a PROCESS 360 executive who shall determine appropriate actions. Please submit any relevant reports to contact@process360.com so that the Company can act responsibly. This email account is used by the contact page on this website.