Artificial Intelligence (AI) Acceptable Usage Policy

The AI Acceptable Usage Policy (“Policy”) is designed to ensure that Apps Associates’ Personnel and stakeholders use AI technology in a responsible, ethical, and secure manner. By abiding with this Policy, we can harness the benefits of AI technology while minimizing the risks and ensuring that our business practices align with our values and ethical standards.

This Policy pertains to all Apps Associates employees, affiliates, subcontractors, vendors, and  any other individuals who have access to Apps Associates’ and Apps Associates’ customer technology, resources and/or data (“Personnel”).

As we consider potential advancement and uses of Artificial Intelligence (“AI”), all Personnel  must ensure responsible use and development that supports the acceptable usage requirements outlined in this Policy.

The Apps Associates’ AI Committee has been established and ensures that initiatives have appropriate oversight. The AI Committee will include representatives from key  business departments and will set the guiding principles for an ethical framework that can be operationalized to achieve responsible outcomes to include the following:

• Governance of AI usage
• Technology choices
• Transparency and Explainability
• Responsibility and Accountability
• Robustness and Reliability
• Privacy and Trust
• Safety and Security

Appropriate oversight and guidance from the AI Committee will help to identify, assess, and manage risks associated with AI technologies to ensure long-term growth and value generation.

The Organization for Economic Co-operation and Development (OECD) defines Artificial Intelligence as a machine-based learning system that can, for a given set of human defined objectives, make predictions, recommendations, or decisions that influence real or virtual environments. Specific applications include expert systems, natural language processing, speech recognition, and machine vision. Fundamentally, AI leverages computers to mimic the problem solving and decision-making capabilities of the human mind.

1. Generative AI: The creation of new or original content based on a user’s input (i.e., ChatGPT, Co-Pilot, DALL-E, Bard) such as communications, spreadsheets, reports, videos, 3D models, code generation, Large Language Models may be enhanced with internal data in a model known as Retrieval-Augmented Generation (RAG).

• Retrieval-augmented generation (RAG) involves enhancing the results of a large language model by incorporating information from a trusted external knowledge base, beyond its original training data, prior to generating a response.

2. Machine Learning: A subset of AI that uses algorithms trained on a set of data to produce predictions or adaptive models that can perform complex, human tasks (i.e., audit logging/analytics, ).

Private AI Services:

Private AI services offer robust security controls for protecting sensitive data, and their terms of service establish ownership of creations developed on the platform. These platforms require a business license and are essential for handling any confidential information from Apps Associates or customers, including company names, customer codes, architectural designs, specific data elements, personal data, and more. If you have any questions regarding the appropriate classification of information, please contact [email protected] for assistance.

Public AI Services:

Although public AI services may provide certain fundamental security measures, they do not offer the comprehensive robustness, customization, privacy, and ownership afforded by private AI services. Consequently, public AI should never be utilized for Apps Associates’ or customer identifying information. Anonymous, non-confidential applications include policy creation, general notifications, process documentation, and the generation of basic, nonproprietary code.

Before using public AI, Personnel must contact the security team, providing the required manager approval and the business justification for using the public AI. The security team will then evaluate the AI to determine if it meets the necessary legal and regulatory requirements for use

Apps Associates acknowledges the advantages of using AI tools for various projects. However, it is essential to prioritize security and confidentiality when utilizing these tools. If you have any questions about which set of guidelines apply to your specific situation, please contact the [email protected].The legal and regulatory requirements for the use of AI can vary depending on the jurisdiction and the specific application of the AI technology. However, while using any AI technology in support of business services, the following principles must be adhered to:

1. Human Oversight:

The business must ensure there is adequate human oversight of AI  systems, to ensure they are functioning as intended and producing the best results.

2. Data Protection and Privacy:

The business must ensure that it is collecting and using data in a way that is lawful, fair, and transparent and protects the privacy and security of personal data. Avoid providing confidential information of Apps Associates or its clients to public or open-source AI systems, as Apps Associates cannot regulate how this information might be utilized by the AI. Additional privacy requirements include:

• General Data Protection Regulation (GDPR) (EU): Requires that personal data be processed lawfully, fairly, and transparently to include data minimization, purpose limitation, and data subject rights such as access, rectification, and erasure.
• California Consumer Privacy Act (CCPA/V) (USA): Ensure AI usage meets the rights of California residents regarding the handling of personal data, including the right to know what data is being collected and the right to delete personal data.
• Different industries may have specific regulations regarding the use of AI, and these must be adhered to as applicable. For example, the Health Insurance Portability and Accountability Act (HIPAA) in the USA sets standards for protecting sensitive patient information in healthcare.

3. Transparency and Explainability:

The business must provide clear and concise information to customers about how AI is being used, if data is being collected, and how decisions are being made. Include appropriate notices and disclaimers about the item being produced with generative AI (for example):

“The author generated this text in part with ChatGPT, OpenAI’s large-scale language-generation model. Upon generating draft language, the author reviewed, edited, and revised the language to their own liking and takes ultimate responsibility for the content of this publication.”

4. Ethical Considerations:

Always verify the generated output and consider the ethical implications of using AI, including the potential for biases, hallucinations, and discrimination in AI systems, as well as potential for unintended consequences. Consider ethical guidelines and principles, such as those outlined by organizations like the European Commission’s Ethics Guidelines for Trustworthy AI, and laws such as the Equal Credit Opportunity Act.

5. Security:

• All use of public AI technologies may not be used without a formal vendor security assessment and prior approval from the security team.
• Robust security measures must be implemented to protect data and AI models from breaches or other malicious attacks.
• All systems must be secure from unauthorized access and cyber threats.

6. Intellectual Property and Copyright:

• All use of AI technologies must comply with relevant intellectual property laws, copyright laws, and industry regulations.
• Personnel must ensure that AI-generated content does not infringe upon the intellectual property rights of others.

7. Ownership of AI Creations

• Creations developed using AI services are owned by Apps Associates, unless otherwise specified by contractual agreements.
• Users must adhere to the terms of service of AI platforms, which outline the ownership and usage rights of AI-generated content.

8.Quality Assurance

The business must ensure that its AI systems are accurate, reliable, and trustworthy, and that they are regularly tested and updated to ensure they are performing as intended. All content produced by an AI tool must be reviewed and vetted for accuracy before being used or incorporated into any Apps Associates’ work.

9. Retention

• The business must ensure retention timeframes are developed and in compliance with data minimization requirements for nonpublic information
• Retention timeframes must align with the Apps Associates’ Corporate Records Management Policy, as applicable.

10. Personnel Training

The business must ensure that its Personnel are adequately trained and have the necessary skills to work with AI systems and that they are aware of the policies and guidelines related to AI use.

11. Prohibited Actions

• Personnel are prohibited from using AI technologies to generate content that is illegal, unethical, or violates the rights of any individual or entity.
• The creation and distribution of AI-generated content that misleads, deceives, or causes harm are strictly prohibited.
• Prohibited content includes but is not limited to written content, imagery, and video content.

Apps Associates reserves the right to monitor the use of AI technologies to ensure compliance with this policy. All personnel must adhere to this policy and report any potential violations to [email protected]. Violations of this policy may result in disciplinary action up to and including termination of employment or contract.

Public & Private AI Usage Recommendations