Tristan Roth, a Certified Information Security Manager, posted on LinkedIn that as soon as a company starts using artificial intelligence, it needs to write an AI security policy. Here are his recommended requirements:
- The purpose of AI regulation.
- Scope - what AI tools are being used, e.g. ChatGPT.
- The risks the policy is designed to mitigate.
- How employees should access AI tools.
- Who is allowed to access AI tools and for what purpose.
- Security authentication mechanisms.
- Guidelines for protection of sensitive information.
- Authorized and prohibited uses, with examples.
- Data retention control and mitigation.
- Monitoring tools.
- Training and awareness requirements.