Skip to main content
IT KORR
IT KORRKeeping Organizations Reliable & Resilient
AI Governance & Secure AI for Business · Download

AI Acceptable Use Policy

A policy structure defining permitted and prohibited AI use, data handling rules, disclosure requirements, and consequences for violations.

IT KORR Knowledge Center

AI Acceptable Use Policy

A policy structure defining permitted and prohibited AI use, data handling rules, disclosure requirements, and consequences for violations.

Permitted Uses

  • Drafting and editing internal communications, general correspondence, and marketing content using non-confidential inputs.
  • Summarizing publicly available or internal-tier documents to save review time.
  • Research assistance — using AI as a starting point for research, with output independently verified before being relied upon.
  • Code assistance for non-sensitive internal tooling, subject to normal code review.

Prohibited Uses

  • Submitting regulated or confidential data — client records, protected health information, financial account numbers, credentials, or trade secrets — to any AI tool not specifically approved for that data tier.
  • Using AI-generated output for high-stakes decisions (hiring, termination, credit, medical, legal, or safety-related determinations) without meaningful human review.
  • Presenting AI-generated output as final work product without verifying its accuracy.
  • Using unapproved or personal-account AI tools to process organizational data of any classification above public.

Data Handling Rules

  • Only submit data to an AI tool consistent with the data classification rules in the AI Governance Policy.
  • Do not paste customer, patient, or employee personal data into a general-purpose AI chat interface unless it is contractually confirmed not to train on submitted data and is on the approved list for that data tier.
  • Remove or redact identifying details before using AI tools for illustrative or exploratory purposes wherever possible.

Disclosure Requirements

  • Disclose AI assistance when it materially shaped a work product delivered to a client, regulator, or external party, consistent with any contractual or professional obligations.
  • Disclose AI use internally when AI-generated content forms the basis of a decision, recommendation, or analysis presented to leadership.
  • When uncertain whether disclosure is required, disclose — silence is the higher-risk default.

Consequences of Violation

  • Violations are handled under existing organizational conduct and data protection policies, up to and including termination for serious or repeated violations.
  • Accidental disclosure of confidential data to an AI tool must be reported immediately so it can be assessed and, where required, escalated as a data incident.

Acknowledgment

By using any AI tool on behalf of the organization, I acknowledge that I have read and understand this Acceptable Use Policy, and agree to comply with its permitted uses, prohibited uses, and data handling and disclosure requirements.

  • Employee name, signature/acknowledgment, and date.
  • Policy version acknowledged, for version-tracking purposes.

Related Resources

  • AI Acceptable Use Policies — /knowledge-center/artificial-intelligence/ai-governance-secure-ai/ai-acceptable-use-policies
  • Shadow AI Explained — /knowledge-center/artificial-intelligence/ai-governance-secure-ai/shadow-ai-explained

This document is a starting-point resource, not legal or compliance advice. Review it against your organization's actual systems before adoption — see the full AI Governance & Secure AI for Business Hub for the reasoning behind each recommendation.

Build: add8299 | Built: Jul 9, 2026 9:26 PM EDT