Generative AI Use Policy PDF

Summary

This document is a policy from EBSCO Industries regarding the use of generative AI tools. It outlines guidelines and principles for acceptable and responsible use of these technologies within the company.

Full Transcript

GENERATIVE ARTIFICIAL INTELLIGENCE USE POLICY EBSCO Industries Policy Abstract Designed to outline guidelines and principles for all users within the EBSCO Industrie...

GENERATIVE ARTIFICIAL INTELLIGENCE USE POLICY EBSCO Industries Policy Abstract Designed to outline guidelines and principles for all users within the EBSCO Industries Inc. on the acceptable and responsible use of Generative AI technologies. CorpIT Information Security CORPORATE IT - INFORMATION SECURITY Generative AI Use Policy Contents 1. Objective............................................................................................................... 2 2. Scope.................................................................................................................... 2 3. Document References......................................................................................... 2 4. Definitions............................................................................................................. 2 5. Policy Provisions................................................................................................. 3 6. Enforcement......................................................................................................... 5 7. Policy Priority....................................................................................................... 5 Page 1 of 5 CORPORATE IT - INFORMATION SECURITY Generative AI Use Policy 1. Objective This Generative AI Tools Usage Policy (“Policy”) outlines the guidelines and procedures to ensure the secure and responsible use of generative artificial intelligence (“AI”) by the employees of EBSCO Industries, Inc. (the “Company”). The purpose of this Policy is to create the best experience for customers, safeguard company information, maintain data privacy, prevent misuse, and promote ethical practices when using generative AI systems. AI tools, such as ChatGPT, Copilot, Gemini, and CodeWhisperer (“AI Tools”), serve many purposes, including expanding learning, improving workflow, and inspiring creativity. Use of these tools also involves risk, both in connection with the query, prompt, or information provided to the tool, and in connection with the content the tool generates. This Policy is designed to mitigate those risks to the extent possible. 2. Scope This Policy applies, without exception, to all personnel, employees, subcontractors, interns, and consultants of EBSCO Industries (“Company”). The Company may also request that external personnel working with the Company in a partnership, strategic investment, and/or advisory capacity abide by this Policy. 3. Document References 3.1 Data Classification and Handling Policy 3.2 Data Classification and Handling Manual 4. Definitions 4.1. Generative AI: A type of artificial intelligence system capable of generating text, images, or other media in response to prompts. Generative AI models learn the patterns and structure of their input training data, and then they generate new data that has similar characteristics. 4.2. Commercial AI Tools: Software applications or tools that are developed, marketed, and sold by commercial entities for business or professional use. These tools are licensed with contract terms and managed by an application owner/department within the Company. 4.3. Consumer AI Tools: Software applications or tools designed for individual or personal use by consumers. These tools are often widely available, user- friendly, and cater to a broad audience. While consumer-grade tools may be suitable for personal tasks and basic needs, they may lack the advanced features, security measures, and scalability required for organizational use. 4.4. Data Usage: This context refers to the purposes for which data input into AI Tools can be used, the individuals or entities authorized to access it, and the safeguards in place to protect confidentiality. 4.5. Prohibited Content: Any content which violates common decency, public order, and applicable laws. Such content includes, but is not limited to, Page 2 of 5 CORPORATE IT - INFORMATION SECURITY Generative AI Use Policy content that is obscene, violent, harassing, intimidating, defamatory, biased, discriminatory, or otherwise illegal. 5. Policy Provisions 5.1. Authorized Use 5.1.1 You may not use AI Tools for Company business, except as specifically permitted by this Policy. Any such use is subject to this Policy and the Company’s Acceptable Use Policy, Information Security Policy, and Privacy Policy. 5.1.2 In places where this Policy directs you to seek approval from a Company representative, or if you have any other questions about this Policy or wish to discuss specific use cases, please contact the Corporate IT Governance, Risk, and Compliance (GRC) department ([email protected]). 5.2. Permitted AI Tools 5.2.1 Commercial AI Tools are permitted only for Public, Internal, and Confidential data provided legal and security approval. 5.2.2 Consumer AI Tools are permitted only for Public and Internal data provided legal and security approval. 5.2.3 Consumer AI Tools usage must be configured to disable training of the underlying generative AI model. Otherwise, only public data is permitted. 5.2.4 Please see the EBSCO Generative AI Tools Standard which lists approved AI Tools. This list is subject to change and is evaluated by legal and security for policy compliance and Data Usage. 5.2.5 Commercial AI Tools should be used over Consumer AI tools if the desired capability exists. 5.2.6 If you wish to use any other AI Tools for Company business, you must first obtain approval from the Corporate IT GRC department ([email protected]). 5.3. Purpose of Use 5.3.1 The purpose of use of Commercial AI Tools is defined based on the business domain, setup, and configuration by the business owner. 5.3.2 The purpose of use of Consumer AI Tools is assistance with general knowledge tasks. 5.3.3 AI Tools may not be used to: i. Engage in fraudulent or illegal activities. ii. Generate Prohibited Content. iii. Generate content that you claim to have created yourself or to be created without AI Tools. iv. Engage in regulated activities, including the practice of law or provision of financial, medical, or other professional advice. Page 3 of 5 CORPORATE IT - INFORMATION SECURITY Generative AI Use Policy v. Make decisions that would materially affect an individual (e.g., decisions that would have a legal or similarly significant effect, such as decisions regarding hiring or evaluation of Company personnel). AI Tools should be used only to support – not make – decisions. 5.4. Inputting Information 5.4.1 Assume that any information provided to Consumer AI Tools could become Public. 5.4.2 Do not input Restricted Data into an AI Tool prompt. If there are data classification questions, please contact the Corporate IT GRC Department or the Legal Department. 5.5. Using Output Generated by AI Tools The following rules and guidelines apply to the use of any AI generated material or content (output) in Company content or a Company product: 5.5.1 All AI generated content should be TREATED AS A DRAFT that you review and revise as needed. 5.5.2 VERIFY THE ACCURACY of any AI generated content that purports to be factual using independent sources; do not rely on sources cited by the AI Tool, which can be inaccurate. 5.5.3 SCAN ALL SOFTWARE CODE which is AI-generated with open-source and commercial-license tools before including any such code in Company software (if you determine that AI-generated code is covered by a license, you must first discuss with the Legal Department whether such code may be used in Company software). 5.5.4 DO NOT USE any AI-generated images in external Company materials without approval of the Legal Department. 5.5.5 If an AI-generated output refers to or contains any third-party names, trade names, trademarks, or logos, DO NOT USE the output unless you have confirmed with the Legal Department that such use is allowed. 5.5.6 DO NOT USE any output that may contain Prohibited Content. 5.6. Changes to this Policy The following rules and guidelines apply to the use of any AI-generated material or content (output) in Company content or Company products: 5.6.1 This Policy may change at any time. If it does change, the updated version will be posted in PolicyTech (unless another type of notice is required by applicable laws). 5.6.2 By using AI Tools in the course of or in connection with your employment or other relationship with the Company, you agree to follow this Policy, along with any changes thereto. Page 4 of 5 CORPORATE IT - INFORMATION SECURITY Generative AI Use Policy 5.7. Monitoring and Reporting 5.7.1. Company management will verify compliance with this Policy through various methods, including but not limited to periodic review, business tool reports, internal and external audits, and feedback to the policy owner. 5.7.2. Exceptions to this Policy will only be allowed if approved by the Corporate IT GRC and verified by Corporate Information Security. 6. Enforcement Failure to comply with this Policy may result in disciplinary actions, up to and including termination of employment or contract. Employees are encouraged to report any violations or concerns related to this Policy through the Corporate IT GRC Department or the Legal Department. All reports or inquiries will be treated confidentially. 7. Policy Priority This corporate policy takes precedence over all policies derived from or published by business units or other EBSCO affiliated companies. In the event of a conflict between the terms of policies, the corporate policy will apply. Page 5 of 5

Use Quizgecko on...
Browser
Browser