Security Policy
Purpose
This policy establishes our systematic approach to securing AI systems and protecting sensitive information throughout the AI lifecycle. It defines security guidelines for AI systems at Rygen Technologies to protect sensitive data, ensure secure AI deployment, and support our compliance requirements.
Scope
This policy applies to all AI systems and tools used at Rygen:
- X1 Platform AI features
- Corsair TMS AI capabilities
- Internal AI tools and third-party AI services
Security Framework
We apply defense-in-depth principles to AI systems, ensuring security at every layer from data handling through model deployment and output validation. This multi-layered approach protects both our organization and our clients’ sensitive information.
Data Protection
- Never input confidential, proprietary, or sensitive company data into external AI tools
- Treat all AI tool interactions as potentially public
- Follow existing SOC2 data classification and handling procedures for AI systems
- Implement data minimization principles: use only the minimum data necessary for AI system functionality
Access Controls
- Use only approved AI tools from the IT Department
- AI system access restricted to authorized personnel
- Third-party AI APIs accessed through secure, authenticated connections
System Security
- AI models and data stored in secure, monitored environments
- Production AI deployments require security review and approval
- Vulnerability scanning and security monitoring applied to AI infrastructure
Output Validation
- All AI outputs must be reviewed and validated before business use
- Implement monitoring for unusual AI system behavior
- Maintain human oversight for all critical AI-driven decisions
Responsibilities
- Principal AI Engineer: Policy ownership and oversight
- IT Security: Approved AI tools list and security monitoring
- All Staff: Compliance with security requirements
Violations
Violations may result in disciplinary action including training requirements, suspension of AI access privileges, or termination, depending on severity.
Revision History
| Version | Date | Author | Summary of Change |
|---|---|---|---|
| 1.0 | 2025-06-05 | Field Bradley | Initial draft. |
| 1.1 | 2025-09-02 | Field Bradley | Migrated to Markdown and GitLab |