Policies on Rygen Technologies AI Management System Handbook

AI Policy

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This AI Policy establishes Rygen Technologies’ commitment to building innovative AI systems responsibly. As a logistics technology leader, we recognize AI’s transformative potential to revolutionize supply chain efficiency, decision-making, and customer experience. This policy guides our approach to developing, deploying, and governing AI systems while maintaining the highest standards of trust and accountability.

Scope

Any AI system used or developed by Rygen, and all members of the Rygen team that affect AI systems, are subject to this policy, including:

Security Policy

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This policy establishes our systematic approach to securing AI systems and protecting sensitive information throughout the AI lifecycle. It defines security guidelines for AI systems at Rygen Technologies to protect sensitive data, ensure secure AI deployment, and support our compliance requirements.

Scope

This policy applies to all AI systems and tools used at Rygen:

X1 Platform AI features
Corsair TMS AI capabilities
Internal AI tools and third-party AI services

Security Framework

We apply defense-in-depth principles to AI systems, ensuring security at every layer from data handling through model deployment and output validation. This multi-layered approach protects both our organization and our clients’ sensitive information.

Communication Policy

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This policy establishes how Rygen Technologies communicates about AI systems and the AI Management System (AIMS) with internal and external stakeholders.

Scope

This policy applies to all AI-related communications including new features, incidents, compliance requirements, and stakeholder feedback across all Rygen platforms and internal operations.

Communication Framework

We take a measured and responsible approach to communicating our stance toward AI, AI initiatives, AI capabilities, and any issues with the AI systems we deploy. This impacts both internal and external stakeholders, and involves establishing what members of our team communicate, whom they communicate with, when they communicate it, and how the information is communicated.

Acceptable Usage Policy

Wed, 27 Aug 2025 00:00:00 +0000

Purpose

This policy establishes guidelines and requirements for the use of artificial intelligence (AI) tools and services within the organization to protect company data, ensure compliance, and maintain security standards.

Scope

This policy applies to all employees, contractors, and temporary workers who use or wish to use AI tools in connection with their work duties.

Policy Statement

All AI tools and services not created by Rygen must receive explicit approval before use in any work-related context.
Only those tools found in the Approved AI Tools list may be used at Rygen, and those tools must be used according to their safe usage constraints.
AI tools that cannot provide opt-out options for using data for training purposes are prohibited.
Employees must verify and enable data privacy settings before using any approved AI tool.
Sensitive company information, such as contact information and payment data, is prohibited from use with any AI tools.
Company confidential information and proprietary data may only be input into AI tools that have been specifically approved for handling such data and must be used in accordance with any additional security requirements or restrictions specified during the approval process.
Employees must not connect unauthorized third party AI systems directly to company databases, file systems, or any other information system owned by Rygen.
Employees must report any potential data breaches or security concerns related to AI tool usage immediately.

Requirements for AI Tool Approval

The tool must provide clear documentation of its data handling practices.
The tool must offer the ability to opt out of data collection for training purposes.
The tool must have enterprise-grade security features.
The tool must comply with relevant industry regulations and standards.
The vendor must provide clear terms of service and data processing agreements.

Prohibited Uses

Using unapproved AI tools for any work-related purpose.
Bypassing security settings or data privacy controls.
Sharing access credentials for AI tools.
Using unauthorized personal AI accounts for work purposes.
Uploading sensitive company data to AI tools without explicit authorization.
Connecting unapproved AI tools directly to company file systems or databases.

Compliance and Enforcement

IT Security will maintain a list of approved AI tools.
Regular audits will be conducted to ensure compliance.
Violations may result in disciplinary action.
All incidents involving unauthorized AI usage must be reported.

Approval Procedure

Employee submits AI Tool Request Form to IT Security.
IT Security reviews request and evaluates tool against security requirements.
Legal reviews terms of service and data processing agreements.
If approved, IT Security documents configuration requirements.
Employee receives training on proper tool usage.
IT Security enables and configures tool access.

See the AI Tool Approval Procedure for detailed approval steps.