Introduction

Ensuring the ethical and responsible use of AI systems is crucial. This document outlines key aspects of our AI features, security measures, and privacy practices.

At A-LIGN, we are dedicated to advancing digital security and ensuring the responsible use of AI. Our product, A-SCEND, integrates AI into our security and compliance solutions, prioritizing privacy, security, transparency, and accuracy. We have established comprehensive AI principles that guide the development and deployment of A-SCEND's AI features, ensuring they are trustworthy and beneficial for both our team and the customers we serve.

A-SCEND's AI Services and Functionality

A-SCEND offers a suite of AI-driven services designed to enhance security and streamline compliance processes. Our AI features include advanced document analysis, intelligent audit request matching, and insightful content generation. By leveraging cutting-edge AI models, A-SCEND provides efficient solutions that help organizations manage their security and compliance needs effectively.

Frequently Asked Questions

What is Gemini?

Gemini is an advanced AI language model developed by Google, used for the AI Evidence Matching feature to answer questions, generate content, and provide insights.

How does this AI feature leverage Gemini & How is my data protected?

Our AI uses a private instance of Gemini via an API to process and generate responses. Each client’s data is hosted in its own, secured and separately encrypted bucket. The model is never trained on any client data, and when queried is at a per-client level.

Does the AI feature use my data for training the model?

No, your data is not used for training. The pre-trained model does not retain or use your input data.

What types of tasks can the AI feature perform?

• Analyzing documents and matching them to audit requests.
• Summarizing how documents meet audit requirements.

Can the AI feature access the internet or external databases?

No, it only works with the data you provide and the pre-existing knowledge within the model.

Can I opt-out of any or all the AI features?

Yes, explained here. 

AI Products Overview

The AI feature can perform a variety of tasks, including:

• Analyzing documents and matching them to audit requests based on context.
• Summarizing how the document met the description of the audit request.

AI Security

• Encryption: All data processed by the AI is encrypted both in transit and at rest using industry-standard encryption protocols.
• Access Control: Strict access controls are in place to ensure that only authorized personnel can access the AI systems and the data they process.
• Monitoring and Auditing: Continuous monitoring and regular audits are conducted to ensure the security and integrity of the AI systems.
• Compliance: Our AI systems comply with relevant security standards, including SOC 2, and are regularly reviewed to ensure ongoing compliance.

AI Privacy

• Data Handling: Client data is processed within a secure, private instance of Gemini and is not used to train external AI models.
• Data Minimization: Only the data necessary for the AI to perform its tasks is processed, and data is retained only for as long as necessary to fulfill its purpose.
• User Control: Clients have control over their data and can request its deletion at any time.

AI Principles

• Do No Harm: All usage of AI must first and foremost seek to do no harm to its customers or to the organization. Reasonable attempts should be made to predict any potential cases of harm posed by a project.
• Security and Privacy by Design: Every AI project and ongoing effort must incorporate security and privacy by design from day one and with every substantive change.
• Explainability and Transparency: Reasonable efforts are taken to ensure the explainability of results and provide transparency into the process by which they were derived.
• Data Control and Risk: A clear understanding of the data being used by AI is established, and guardrails are in place to control the scope of data access. A plan is established for the risks posed by such access as well as the resulting outputs.

If you have any questions about this policy, please reach out to AIPolicy@a-lign.com and we will be happy to help.

v.4.13.26