Elucidat Information Security Statement: Artificial Intelligence
Last updated: May 2023
This document presents the position of Elucidat on the issue of using Artificial Intelligence (AI) in both our business and in the development of the Elucidat Application. The intention of Elucidat is to promote the use of AI tools whilst providing for responsible use of emerging technologies.
As with everything we do at Elucidat, information security and data protection will always be central to our innovation, along with our Learn, Care, Share company values. We are fully committed to protecting the business information and personal data of our customers, and as an ISO 27001 certified business, will always prioritise safe ways of working.
- We will explore the principles of AI tools and follow developments in this field.
- We will find ways to use new technologies to help us achieve our mission.
- We will ensure we understand and follow best practice on how to work safely with AI technologies in a way that always prioritises information security and data protection.
- We are committed to exploring the capabilities of AI responsibly, and will always demonstrate care with the information that we choose to share with AI.
- Whenever we work with AI we will ensure that appropriate safeguards are in place to protect all Personally Identifiable Information (PII), customer confidential information, and Elucidat confidential information, and we will ensure it is never shared back to any publicly accessible learning models.
- We will always exercise care when utilising AI generated information and ensure that any work that is created with AI assistance is to the high standard that our colleagues and customers would expect.
- We will always be open and transparent in explaining the tools that we are using and how they will affect and enhance the user experience.
- We will endeavour, wherever possible, to allow customers to opt out of using AI features.
Our current position
In line with our requirements under ISO 27001, we have a robust third-party approvals process in place, whereby all staff must submit an application for new softwares (or for the use of new AI features within an existing application) that they would like to use within Elucidat. Once submitted to our Information Security Team, a thorough assessment is carried out to ensure that the new software or resource meets our information security standard, and is compliant with our requirements under UK GDPR.
This best practice, along with specific AI training and agreements, and broader information security training sessions, ensures we are always working safely with new technologies.