AI Acceptable Use Policy Template

Download your free copy now

With the rise of ChatGPT and other LLMs, more employees than ever are making use of these tools in work-related applications.

It’s very important for companies to implement an AI acceptable use policy now to establish guidelines around appropriate handling of customer data and more where these tools are concerned.

Download our free AI acceptable use policy template and create your company’s policy today.

Free Resource

Download our free AI Acceptable Use Policy Template now.

DOWNLOAD TEMPLATE

Purpose

The purpose of the FRSecure AI and LLM Usage Policy is to establish the acceptable use of AI (Artificial Intelligence) and LLM (large Language Models) technologies within the operations of FRSecure.

Audience

The (Company) AI LLM Acceptable Use Policy applies to any individual, entity, or process that interacts with any (Company) Information Resource.

Policy

Treat all customer information as highly confidential. Do not disclose or share any sensitive customer data during interactions with AI or LLM platforms.
Ensure that AI and LLM platform interactions occur over secure channels and on systems with appropriate security measures to protect customer information from unauthorized access or disclosure.
Usage must adhere to all relevant laws, regulations, and industry standards, such as data protection and privacy regulations (e.g., GDPR, CCPA) and financial industry guidelines (e.g., PCI DSS).
AI and LLM platform usage and/or integration into existing tools will require review and approval by the (Company) Infosec Committee. All vendors must be reviewed in accordance with (Company) Vendor Risk Management policy and an impact analysis must be completed before the committee will consider usage.
Avoid storing or retaining chat logs longer than necessary. Delete or anonymize customer interactions as per data retention policies and applicable regulations.
Exercise caution when relying on AI and LLM responses for critical decisions or actions. Use these models as a support tool rather than a sole source of information.
Conduct periodic audits and assessments of AI and LLM usage, including access controls, data handling practices, and compliance with policies and regulations.
Implement monitoring mechanisms to track and record interactions with AI and LLM platforms for security, compliance, and quality assurance purposes.
Educate employees on the appropriate usage of AI and LLM platforms, including data privacy, security best practices, and the importance of adhering to the established policies.
Regularly review and update the policy as needed to address emerging risks, changes in regulations, or advancements in technology.

Waivers

Waivers from certain policy provisions may be sought following the (Company) Waiver Process.

Enforcement

Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.

Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.