Responsible AI Use Policy
1. PURPOSE
This policy outlines the principles, safeguards, and responsibilities governing the use of Artificial Intelligence (AI) technologies by nVisionIT when delivering services to clients. The goal is to ensure that AI is used responsibly, ethically, securely, and transparently, following industry-standard Responsible AI frameworks and aligning with applicable privacy regulations such as POPIA.
2. SCOPE
This policy applies to:
- All AI systems, tools, and models used in client engagements (including Generative AI, classification systems, Copilot-based tooling, and automated analysis tools).
- All nVisionIT staff, contractors, and partners involved in consulting, development, testing, data handling, or solution delivery.
Our Responsible AI programme is based on globally recognised frameworks and industry best practices. These principles serve as the foundation for all AI-related work performed for clients.
3.1 ACCOUNTABILITY
nVisionIT maintains full accountability for any AI system used in a client environment. Humans remain responsible for reviewing, verifying, and approving all AI-generated outputs.
3.2 FAIRNESS & BIAS MITIGATION
We follow structured processes to minimise bias during model selection, prompt design, data handling, and output evaluation.
3.3 DATA PRIVACY & POPIA ALIGNMENT
All AI activities must respect:
- Data minimisation
- Purpose specificity
- Consent requirements
- Secure processing
- Avoidance of confidential data exposure
3.4 TRANSPARENCY
We aim to provide clients with clear visibility into:
- How AI systems function
- How outputs are generated
- How content is validated
AI-enabled processes must be resilient, governed, and protected from misuse, manipulation, or leakage.
3.6 VALIDITY & RELIABILITY
All AI-generated material undergoes quality checks, testing, and verification for accuracy, correctness, and business relevance.
4. ACCEPTABLE USE OF AI IN CLIENT ENVIRONMENTS
4.1 PERMITTED USE
AI may be used for:
- Code scaffolding, automated testing, secure deployment analysis, regression analysis
- Document generation (BRDs, SADs, specs) and internal productivity
- Security-focused enhancements such as anomaly detection
- Classification of data under POPIA and other regulatory frameworks
4.2 PROHIBITED USE
Employees must not:
- Provide any client, citizen, confidential, or third-party data to public Generative AI tools without explicit approval.
- Use AI tools to generate full systems or deploy unvalidated code.
- Use AI in a way that violates laws, contracts, privacy requirements, or industry standards.
- Generate deceptive, fraudulent, or misleading content.
5.1 ZERO EXPOSURE RULE
No confidential, regulated, personal, or client-owned data may be submitted to external AI platforms unless:
- A contractual agreement exists,
- The platform meets client-specific security requirements, and
- Explicit written approval is obtained.
AI systems used in client engagements must follow:
- Data classification
- Access controls
- Encryption standards
- Secure prompt-handling guidelines
Automated tools may assist with risk scoring, compliance tagging, and identifying sensitive information under POPIA.
6. CLIENT TRANSPARENCY & REPORTING
nVisionIT commits to:
- Disclosing where and how AI is used in deliverables
- Outlining validation steps and safeguards
- Documenting governance and human review processes
- Model usage details
- Data handling procedures
- Security or audit assurances
- AI risk assessments
7.1 APPROVAL OF AI TOOLS
Only approved AI technologies may be used for client projects, based on:
- Security posture
- Licensing
- Cost management
- Governance review
AI assists, humans own.
All AI-generated artefacts must be:
- Reviewed
- Version controlled
- Tracked in repositories
Internal governance teams periodically review:
- Model performance
- Security threats
- Compliance requirements
- Effectiveness of controls
nVisionIT commits to compliance with:
- POPIA
- Client-specific data protection terms
- Industry standards for responsible AI
- Global frameworks (where applicable)
9. INCIDENT MANAGEMENT & REPORTING
Any suspected or confirmed AI-related incident - including data leakage, incorrect outputs, harmful content, or unauthorised access - must be immediately escalated to info@nvisionit.co.za or Account Manager for containment and client notification where required.
10. REVIEW CYCLE
This policy will be reviewed annually, or sooner if:
- Regulatory environments change
- Client requirements necessitate modifications
- New AI capabilities introduce new risk considerations