AIMS Handbook on Rygen Technologies AI Management System Handbook

AI Policy

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This AI Policy establishes Rygen Technologies’ commitment to building innovative AI systems responsibly. As a logistics technology leader, we recognize AI’s transformative potential to revolutionize supply chain efficiency, decision-making, and customer experience. This policy guides our approach to developing, deploying, and governing AI systems while maintaining the highest standards of trust and accountability.

Scope

Any AI system used or developed by Rygen, and all members of the Rygen team that affect AI systems, are subject to this policy, including:

Charter

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This document formally establishes Rygen Technologies’ Artificial Intelligence Management System (AIMS) in accordance with ISO/IEC 42001:2023. The AIMS serves as the governance and operational framework to ensure responsible, transparent, and effective development, deployment, and use of AI systems across Rygen’s platforms and internal operations.

Scope

The scope of the AIMS is defined in the “Scope of the AIMS” document and includes:

All AI-powered features in the TMS and IPaaS
AI-driven internal tools
Models and logic built in-house, integrated via third-party APIs, or managed open-source components
All teams contributing to AI development, deployment, governance, or monitoring

Objectives of the AIMS

Ensure AI is developed and used in a trustworthy, safe, and compliant manner
Align AI practices with business strategy and risk tolerance
Enable consistent application of policies, risk assessments, and reviews across AI projects
Support continual improvement through feedback, monitoring, and governance

Structure of the AIMS

The AIMS consists of:

Statement of Applicability

Mon, 01 Jan 0001 00:00:00 +0000

1. Purpose

This Statement of Applicability (SOA) defines which ISO 42001:2023 Annex A controls are applicable to Rygen’s AI Management System (AIMS). It provides:

A complete listing of all Annex A controls
The applicability determination for each control (Included/Excluded)
Implementation status for included controls
Justification for any excluded controls
Evidence references demonstrating control implementation

This document fulfils the requirements of ISO 42001:2023 clause 6.1.3f and serves as the formal controlled record for audit purposes.

Scope

Fri, 16 Jan 2026 00:00:00 +0000

Purpose

This document defines the boundaries and applicability of Rygen’s AI Management System (AIMS) and specifies which parts of the organization, products, and operations are governed by it.

Scope Statement

Rygen’s AI Management System (AIMS) applies to the AI systems for Logistics SaaS services which Rygen provides.

Scope Exclusions

The following are out of scope for the current AIMS implementation:

Non-AI software modules with no AI dependencies.
Third-party SaaS services integrated via API but not developed or hosted by Rygen.
Marketing or experimental prototypes not deployed to production.

AI systems previously excluded enter the AIMS scope when any of the following occur:

Security Policy

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This policy establishes our systematic approach to securing AI systems and protecting sensitive information throughout the AI lifecycle. It defines security guidelines for AI systems at Rygen Technologies to protect sensitive data, ensure secure AI deployment, and support our compliance requirements.

Scope

This policy applies to all AI systems and tools used at Rygen:

X1 Platform AI features
Corsair TMS AI capabilities
Internal AI tools and third-party AI services

Security Framework

We apply defense-in-depth principles to AI systems, ensuring security at every layer from data handling through model deployment and output validation. This multi-layered approach protects both our organization and our clients’ sensitive information.

Objectives

Wed, 08 Oct 2025 00:00:00 +0000

Purpose

This document establishes the measurable objectives for Rygen Technologies’ AI Management System (AIMS) in accordance with ISO/IEC 42001:2023. These objectives support the AI Policy and demonstrate our commitment to responsible, effective, and trustworthy AI deployment.

Scope

These objectives apply to all AI systems within the AIMS scope, including the X1 Integration Platform, Corsair TMS, and internal AI tools.

AIMS Objectives

Trustworthy Delivery

Objective: AI systems shall be evaluated for trustworthiness requirements prior to deployment, with explainability and human oversight controls implemented based on risk and impact assessment outcomes for mission-critical systems or decision-support applications.

Communication Policy

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This policy establishes how Rygen Technologies communicates about AI systems and the AI Management System (AIMS) with internal and external stakeholders.

Scope

This policy applies to all AI-related communications including new features, incidents, compliance requirements, and stakeholder feedback across all Rygen platforms and internal operations.

Communication Framework

We take a measured and responsible approach to communicating our stance toward AI, AI initiatives, AI capabilities, and any issues with the AI systems we deploy. This impacts both internal and external stakeholders, and involves establishing what members of our team communicate, whom they communicate with, when they communicate it, and how the information is communicated.

Roles and Responsibilities

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This document defines and communicates the roles, responsibilities, and authorities for the effective implementation, maintenance, and continual improvement of the AI Management System (AIMS) in alignment with ISO/IEC 42001:2023.

Scope

This responsibility structure applies across all departments involved in the development, deployment, governance, and operation of AI systems at Rygen, including AI capabilities embedded in the Transportation Management System (TMS), the Integration Platform (IPaaS), and internal support tools.

Top-Level Responsibility and Oversight

Principal AI Engineer – Owner of the AIMS

The Principal AI Engineer is accountable for the establishment, implementation, maintenance, and continual improvement of the AIMS. This role is responsible for ensuring that AI systems at Rygen are developed and deployed in accordance with the principles of ethical, transparent, and trustworthy AI as outlined in ISO 42001. Responsibilities include:

Governance Committee

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This document identifies the assigned roles, responsibilities, and authorities of the AI Governance Committee at Rygen Technologies in accordance with ISO/IEC 42001:2023 Clause 5.3. It ensures that responsibilities are clearly allocated and communicated to support the implementation and maintenance of the AI Management System (AIMS).

Scope

This document applies to all members of the AI Governance Committee involved in the oversight of Rygen’s AI Management System and AI-related governance processes.

Acceptable Usage Policy

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This policy establishes guidelines and requirements for the use of artificial intelligence (AI) tools and services within the organization to protect company data, ensure compliance, and maintain security standards.

Scope

This policy applies to all employees, contractors, and temporary workers who use or wish to use AI tools in connection with their work duties.

Policy Statement

All AI tools and services not created by Rygen must receive explicit approval before use in any work-related context.
Only those tools found in the Approved AI Tools list may be used at Rygen, and those tools must be used according to their safe usage constraints.
AI tools that cannot provide opt-out options for using data for training purposes are prohibited.
Employees must verify and enable data privacy settings before using any approved AI tool.
Sensitive company information, such as contact information and payment data, is prohibited from use with any AI tools.
Company confidential information and proprietary data may only be input into AI tools that have been specifically approved for handling such data and must be used in accordance with any additional security requirements or restrictions specified during the approval process.
Employees must not connect unauthorized third party AI systems directly to company databases, file systems, or any other information system owned by Rygen.
Employees must report any potential data breaches or security concerns related to AI tool usage immediately.

Requirements for AI Tool Approval

The tool must provide clear documentation of its data handling practices.
The tool must offer the ability to opt out of data collection for training purposes.
The tool must have enterprise-grade security features.
The tool must comply with relevant industry regulations and standards.
The vendor must provide clear terms of service and data processing agreements.

Prohibited Uses

Using unapproved AI tools for any work-related purpose.
Bypassing security settings or data privacy controls.
Sharing access credentials for AI tools.
Using unauthorized personal AI accounts for work purposes.
Uploading sensitive company data to AI tools without explicit authorization.
Connecting unapproved AI tools directly to company file systems or databases.

Compliance and Enforcement

IT Security will maintain a list of approved AI tools.
Regular audits will be conducted to ensure compliance.
Violations may result in disciplinary action.
All incidents involving unauthorized AI usage must be reported.

Approval Procedure

Employee submits AI Tool Request Form to IT Security.
IT Security reviews request and evaluates tool against security requirements.
Legal reviews terms of service and data processing agreements.
If approved, IT Security documents configuration requirements.
Employee receives training on proper tool usage.
IT Security enables and configures tool access.

See the AI Tool Approval Procedure for detailed approval steps.

Document Control

Tue, 20 Jan 2026 00:00:00 +0000

Purpose

This procedure establishes requirements for the control of documents within the the Rygen AI Management System.

Scope

This procedure applies to all AIMS documents including policies, procedures, records, and forms. The specific identification and formatting rules in Section 3.1 apply to core governance documents classified as the AIMS Handbook (e.g., policies, procedures, processes). Other records (e.g., risk assessments, meeting minutes) must be identifiable and controlled, but may follow tooling-specific formats.

Risk Management

Tue, 28 Oct 2025 00:00:00 +0000

Purpose

This document establishes the framework for identifying, assessing, evaluating, and treating risks within Rygen Technologies’ AI Management System (AIMS), in accordance with ISO 42001, which ensures that AI risks are addressed systematically, ensuring responsible AI delivery that our stakeholders can depend on.

Scope

This framework applies to all AI systems within the AIMS scope, personnel involved in the AI system development lifecycle, and all risk assessments (initial, periodic, or trigger-based).

Impact Assessment

Tue, 13 Jan 2026 00:00:00 +0000

Purpose

This process ensures we systematically evaluate how AI systems affect the people and organizations that interact with them, enabling informed decision-making and responsible AI deployment. It defines the process for assessing potential positive and negative impacts to ensure that affected parties are considered and appropriate actions can be taken to capitalize on positive impacts while mitigating negative ones.

Scope

This process to all AI systems built or used by Rygen, including:

Data Management

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This document establishes Rygen Technologies’ AI Data Management Process in accordance with ISO/IEC 42001:2023 Section B.7. It ensures that data used in AI systems is properly acquired, validated, documented, and maintained throughout the AI system lifecycle.

Scope

This process applies to all data used within the AIMS scope:

Training data for custom ML models
Validation and test data
Production/operational data
Data transmitted to/from third-party AI APIs
Internal data used with internal AI tools

Applicability by System Type

This procedure applies to all AI systems within the AIMS scope, but deliverable requirements differ based on system architecture:

Development Lifecycle

Wed, 08 Oct 2025 00:00:00 +0000

Purpose

This document defines Rygen Technologies’ AI system development lifecycle, ensuring all AI systems are developed in accordance with ISO/IEC 42001:2023 requirements. It is intended to guide and inform the AI development process from end to end, ensuring that AI systems developed by Rygen are responsible and governed.

Scope

This lifecycle applies to all AI systems developed or substantially configured by Rygen:

AI-powered features developed for X1 Platform (IPaaS)
AI features developed for Corsair (TMS)
Internal AI tools and automations developed by Rygen
AI implementations requiring configuration, training, or customization

AI System Development Lifecycle

flowchart TD
 A[Problem Definition] --> B{Go / No Go?}
 B -->|No| C[Don't Implement]
 B -->|Yes| D[Data Collection and Preparation]
 D --> E[Training and Development]
 E --> F[Evaluation]
 F --> G{Acceptable?}
 G -->|No| D
 G -->|Yes| H[Deployment]
 H --> I[Monitoring]
 I --> J[Refinement]
 J --> D

Development Lifecycle Phases

Phase 1: Problem Definition

Purpose: Define the problem; assess impact and risk; evaluate feasibility; and document system design

Nonconformance

Wed, 14 Jan 2026 00:00:00 +0000

Purpose

This procedure establishes the process for identifying, documenting, investigating, and addressing nonconformities within Rygen’s AI Management System (AIMS) to ensure that we systematically identify, analyze, and resolve issues within our AI systems.

Scope

This procedure applies to all nonconformities related to:

AI systems within AIMS scope (X1, Corsair, internal AI tools)
AIMS processes and procedures
AI governance and compliance requirements
AI system performance, security, or ethical issues

Definitions

Nonconformity: Failure to fulfill a requirement of the AIMS, including:

Internal Audits

Mon, 13 Jan 2025 00:00:00 +0000

Purpose

This procedure establishes Rygen Technologies’ internal audit program for the AI Management System (AIMS) in accordance with ISO/IEC 42001:2023 Section 9.2, to provide information on whether the AIMS conforms to organizational requirements and the requirements of the standard, and is effectively implemented and maintained.

Scope

This procedure applies to all internal audits of the AIMS, covering all processes, activities, and areas within the defined AIMS scope including:

• AI systems (X1 Platform, Corsair, internal AI tools) • AIMS processes and procedures • AI governance activities • Risk management processes • All organizational units involved in AI activities

Performance Monitoring

Wed, 08 Oct 2025 00:00:00 +0000

Purpose

This plan defines what aspects of the AI Management System (AIMS) are monitored and measured, the methods used, and the frequency of evaluation to ensure continuing suitability, adequacy, and effectiveness per ISO/IEC 42001:2023 Section 9.1.

Scope

This monitoring plan applies to all components of Rygen’s AIMS including:

AIMS objectives performance
AI system performance and effectiveness
Risk management effectiveness
Process conformity and effectiveness
Stakeholder satisfaction

Monitoring and Measurement Framework

AIMS Objectives Monitoring

Objective	Metric	Target	Method	Frequency	Responsible
Trustworthy Delivery	% AI features with explainability or human oversight controls	100%	Review system documentation & implementation	Quarterly	Principal AI Engineer
Performance Excellence	% AI systems meeting performance targets	90%	Evaluation reports & benchmarking	Monthly	AI/ML Team
Responsible AI Governance	% completed assessments before deployment	100%	Risk & impact assessment tracking	Per deployment	Principal AI Engineer
Client Value Through Innovation	New AI features deployed per year	2+	Feature deployment tracking	Semi-annually	Product Manager
Operational Resilience	AI service availability	99%	System monitoring & incident logs	Monthly	DevOps Team
Compliance	% compliance with requirements	100%	Audit results & certification status	Quarterly	Principal AI Engineer

AI System Performance Monitoring

What is Monitored:

Management Review

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This procedure ensures systematic, regular evaluation of our AI Management System to maintain its effectiveness and continuous improvement. It establishes the quarterly management review process for Rygen Technologies’ AI Management System (AIMS) in accordance with ISO/IEC 42001:2023 Section 9.3.

Scope

This procedure applies to the systematic review of AIMS performance, suitability, adequacy, and effectiveness by top management.

Management Review Framework

Regular management reviews ensure our AIMS remains aligned with business objectives, addresses emerging risks, and continuously improves based on performance data and stakeholder feedback. This systematic approach demonstrates our commitment to maintaining effective AI governance at the executive level.

Incident Response

Tue, 14 Jan 2025 00:00:00 +0000

Purpose

This procedure establishes the framework for responding to incidents involving AI systems within Rygen’s AI Management System (AIMS) in accordance with ISO/IEC 42001:2023 Section 8.1 and Annex A.8.4. It ensures AI incidents are properly identified, managed, communicated, and used to improve the AIMS.

Scope

This procedure applies to all incidents involving AI systems within the AIMS scope:

X1 Platform AI features
Corsair TMS AI capabilities
Internal AI tools and third-party AI services
AI development and deployment processes

AI Incident Types

An AI incident is any unplanned event or situation that affects or has the potential to affect:

Approved Tools

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This procedure is intended to provide guidance on the process for requesting approval to use AI tools within Rygen.

Scope

This procedure applies to all the employees at Rygen who use or have access to Rygen’s information assets.

This procedure applies to:

Standalone AI tools and platforms
MCP (Model Context Protocol) connectors used within approved AI tools (e.g., Claude Desktop, ChatGPT)
AI tool extensions and plugins that process company data

This procedure does not apply to standard integrations used by approved AI tools (e.g., GitHub, Google Drive, Slack integrations within AI platforms) that are pre-configured by the vendor. These integrations fall under Rygen’s general Security Policy and Acceptable Use Policy.

Approved AI Tools List

Fri, 21 Feb 2025 00:00:00 +0000

Purpose

This document lists the AI tools that are approved for use within Rygen, along with constraints for using them safely with company data.

Scope

These tools can be used safely by any member of the Rygen team, provided they follow the safe usage constraints specified for each tool.

Approved Tools

The following AI tools have been approved for use within their safe usage constraints.

Tool	Approved By	Approved Date	Safe Usage Constraints
ChatGPT (Plus, Pro, or Teams)	Chris Broom	2025-02-21	• Only Plus, Pro, or Teams versions can be used • Free version can be used when following usage policies • Improving the model must be turned off in Data Controls • Do not submit any conversations for review
Claude (Pro, Max, Teams)	Chris Broom	2025-02-21	• Only Pro or Teams versions can be used • Do not submit any conversations for review
Github Copilot	Chris Broom	2025-02-21	• Must use Rygen’s organizational account
Cursor	Chris Broom	2025-02-21	• Privacy mode must be enabled
Cline	Chris Broom	2025-02-21	• Must use Rygen-provided API key
Circleback.ai	Chris Broom	2025-02-21	• Be careful of conversations and documents shared
Google Gemini	Field Bradley	2025-04-01	• Only Pro version or built in GCP version can be used, or follow usage policies for free version
Leapsome	Field Bradley	2025-04-01	• Usage following the Leapsome terms and conditions
Aider	Field Bradley	2025-05-12	• Opt out of usage data sharing • Only use approved LLMs
n8n	Field Bradley	2025-08-15	• Utilize only with approved LLMs
Greptile	Field Bradley	2025-11-13	• Usage following the Greptile terms and conditions

Approved MCP Connectors

The following MCP (Model Context Protocol) connectors have been approved for use with Claude Desktop and other compatible AI tools.

Competency Matrix

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This matrix defines the competencies required for roles critical to the AI Management System (AIMS) and identifies how competence is evidenced and maintained.

Competency Requirements

Principal AI Engineer

Required Competencies: • ISO 42001 knowledge • AI/ML expertise • AI risk management • AI ethics and governance • Leadership and communication

Minimum Evidence: • Advanced degree or equivalent experience • 5+ years AI/ML experience • ISO 42001 training certificate • Current role performance

Mon, 01 Jan 0001 00:00:00 +0000

AI Tool Request Form

Requestor Information

Name:
Department:
Role:
Manager:
Date:

Tool Information

Tool Name:
Vendor:
Website:
Pricing Model:
Number of Required Licenses:

Business Justification

Primary Purpose:
Expected Benefits:
Alternative Solutions Considered:
Impact if Not Approved:

Technical Details

Does the tool offer opt-out from data training? (Yes/No):
Data security features:
Required integrations:
Type of data to be processed:
Browser/system requirements:

Usage Details

Who will use this tool?
What type of data will be processed?
How frequently will it be used?
Required access level:

Competence and Training

Mon, 01 Jan 0001 00:00:00 +0000

1. Purpose

This procedure defines the process for ensuring that all personnel with responsibilities within the AI Management System (AIMS) possess the necessary competence to fulfill their roles. It establishes the framework for identifying training needs, delivering training, and maintaining records of competence in accordance with ISO/IEC 42001:2023 Clause 7.2.

2. Scope

This procedure applies to all Rygen employees and contractors whose roles and responsibilities are defined within the AIMS. It covers general AIMS awareness training for all staff and role-specific competence training for personnel with direct involvement in AI system development, oversight, or governance.