AI Policy
| Last Modified: | 25/07/2025 |
|---|---|
| Modifier: | Deanna Sharma |
| Version: | 1.0 |
Purposes
The purpose of this document is to provide a description of the aims, objectives and overall structure of the Artificial Intelligence Management System (AIMS).
Objectives
The AI Policy is designed for entities providing or using AI-based products or services, ensuring responsible development and use of AI systems and meeting the expectations of interested parties.
It provides a high-level framework required for the unique challenges that AI presents, such as ethical considerations, transparency, continuous learning and effective human oversight. It includes a requirement for a structured approach to manage risks and opportunities associated with AI, balancing innovation with appropriate governance. The AIMS specifies the requirements and provides guidance for its establishment, implementation, maintenance and continual improvement within the context of the Organisation.
Document Scope
This Policy applies to all business functions within the scope of the AIMS and covers the information, information systems and related business functions and its products and services. The AI Policy applies to all employees, contractors and third parties supporting these organisational functions.
AI Role Definitions
| AI Producers: | AI Producers are the individuals or teams responsible for creating AI models, algorithms and systems. AI Producers ensure that the data used for training AI models is clean, accurate and ready for use whilst continuously monitoring and optimising AI models for optimal performance. |
|---|---|
| AI Providers: | AI Providers are responsible for deploying AI solutions, managing updates and ensuring ongoing maintenance of them. AI Providers are also responsible for adhering to ethical guidelines, ensuring system robustness and collaborating with AI Producers for continual improvement. |
| AI Users | AI Users are individuals or teams within an organisation who utilise AI tools, systems or insights. AI Users provide input data, interpret AI-generated insights and make informed decisions. AI systems that have been approved for use by the Organisation are documented within the AI Assets Register. |
The Organisation's role is confirmed as an AI Producer, AI Provider and AI User.
Responsibilities
| Co-founders: | Overall responsibility for Artificial Intelligence. Responsible for ensuring that the appropriate levels of resources are made available to support the Artificial Intelligence function. |
|---|---|
| Management: | Ensures that its employees and contractors comply with this Policy. |
| Artificial Intelligence Management System Manager (AIMS Manager): | Operational responsibility for procedural matters, legal compliance, maintenance and updating of documentation, promotion of AI awareness, liaison with external organisations, incident investigation and management reporting. Responsible for maintaining and coordinating the AI Management System and associated activities. These include AI risks, treatment and impacts of AI systems. |
| Data Protection Officer: | Day-to-day responsibility for data protection. |
| Developers: | Responsibility for technical matters, including technical documentation, systems monitoring, technical incident investigation and liaison with technical contacts at external organisations. |
| Employees and contractors: | Compliance to documented and communicated AI procedures and the AI Policy. |
Principles
The AI Policy is the means by which the Organisation meets the requirements of ISO 42001:2023. It specifies the requirements for the implementation of appropriate controls to meet identified risks relating to the Artificial Intelligence activities of the Organisation.
The implementation and continuing control of the AIMS are fundamental to the work undertaken by the Organisation. The procedures established are adopted and practised by employees as required.
The Organisation has adopted the process approach for developing, implementing, maintaining and improving the effectiveness of its AIMS in order to ensure that the following benefits are realised:
- Responsible AI: ensures ethical and responsible use of Artificial Intelligence
- Reputation management: enhances trust in AI applications through transparency
- AI governance: supports compliance with legal and regulatory standards
- Practical guidance: manages AI-specific risks effectively and appropriately
- Identifying opportunities: encourages innovation within a structured framework.
The Organisation, in adopting the process approach, is committed to:
- Understanding Artificial Intelligence and the need to establish Policies and objectives
- Implementing and operating controls in the context of managing the Organisation's overall organisation risk
- Monitoring and reviewing the performance and effectiveness of the AIMS
- Continual improvement based on objective measures
- Communicating the importance of meeting all applicable requirements, including relevant statutory and regulatory requirements specifically related to its business activities
- Ensuring that adequate resources are determined and provided to monitor, maintain and improve the AIMS.
Artificial Intelligence Management System
Awareness and compliance to Artificial Intelligence procedures are set out in the AI Policy and related guideline documents. Copies of the AI Policy are made available to all employees.
Breaches of the AI Policy and procedures by employees may result in disciplinary action, including dismissal.
Employees are advised and trained on general and specific aspects of Artificial Intelligence according to the requirements of their function within the Organisation. The Contract of Employment includes a condition covering confidentiality.
Statutory and regulatory requirements relating to Artificial Intelligence are met and monitored for ongoing compliance and the identification of any applicable changes.
Alignment with other organisational Policies, including applicable Information Security policies, ensuring they are in place, is maintained and reviewed alongside this AI Policy.
This AI Policy is reviewed at least annually and may be amended in order to ensure its continuing suitability, applicability and regulatory/legislative compliance and with a view to achieving continual improvement in the AIMS.
The AIMS and Artificial Intelligence operations are subject to continuous improvement through a program of internal and external audits, risk assessments and related activities, including nonconformance review, breach monitoring and/or any related client complaints.