#68: Cash in the Cyber Sheets - AI Policy Development
Welcome to Cash in the Cyber Sheets, a channel dedicated to helping organizations understand and strengthen their information security programs. Hosted by James from Input Output, we provide practical insights into policies, compliance, risk management, and the real-world challenges of securing technology in business environments.
Artificial intelligence is transforming how companies operate, but it also introduces new risks that must be managed responsibly. This channel highlights the importance of structured policies and controls that address both the opportunities and threats posed by AI.
Recent episodes focus on the development of an improved AI policy, shaped by input from multiple organizations, subject matter experts, an advisor to the FBI, the ISO 42001 standard, and penetration testing exercises. The result is a set of proposed controls that organizations can adapt and implement within their security frameworks. These include:
- AI Usage and Risk Management: Establish practices to ensure AI is used securely, ethically, and in compliance with regulations.
- Acceptable AI Use: Define and communicate policies outlining what employees can and cannot do when using AI systems.
- Personal Account Restrictions: Prohibit the use of non-corporate AI accounts to protect organizational information from being disclosed or retained outside approved environments.
- Protection Against Exploitation: Implement safeguards against prompt injection and malicious manipulation that could compromise data integrity or confidentiality.
- Data Retention and Deletion: Define rules for storing and deleting data processed by AI, ensuring compliance with regulatory and contractual requirements.
- Legal Discovery Considerations: Incorporate AI into legal discovery processes to support data preservation, retrieval, and production when required.
- Training Restrictions: Prevent organizational data from being used to train or fine-tune AI models without explicit approval and safeguards.
- Role-Based Access Controls: Enforce access restrictions so employees and AI systems only process the minimum information necessary.
The goal of this channel is to make cybersecurity policy and compliance actionable for businesses of all sizes. Whether you manage IT, own a business, or oversee compliance, you will find guidance here to strengthen your security posture and align with modern risks.
If your organization needs assistance developing or improving its policies, visit Input Output to learn how we can help.