AI Compliance Policy

1. Cybersecurity

1.1 Policy Statement: We are dedicated to maintaining the highest level of cybersecurity in our AI solutions, compliant with industry standards and government regulations.

1.2 Key Strategies:

• Adherence to established cybersecurity frameworks, such as the Cyber Essentials Framework.

• Utilisation of certified cybersecurity technologies, including encryption standards like SHA-256 with RSA Encryption.

• Regular, mandated cybersecurity training in line with government standards.

2. Technical Proficiency

2.1 Policy Statement: We invest in our team’s technical proficiency in AI to ensure it aligns with the highest industry ensuring excellence in every project.

2.2 Key Strategies:

• Staff certifications in relevant technologies, including Certified Data Scientist programs.

• Adoption and documentation of industry best practices as per established AI standards.

3. Successful Project History

3.1 Policy Statement: Our record in delivering AI projects successfully demonstrates our capability to meet and exceed current standards.

3.2 Key Strategies:

• Provision of detailed case studies from previous projects.

• Conducting regular client feedback sessions and compliance audits following project completion.

4. Data Security

4.1 Policy Statement: We guarantee stringent data security, aligning with GDPR regulations.

4.2 Key Strategies:

• Adherence to specific data protection laws relevant to each project’s jurisdiction.

• Implementation of an Incident Response Plan to effectively address data breaches.

5. Data Protection

Wherever AI may be used, the principles of UK data protection law will apply. This includes ensuring transparency, fairness, accuracy, security, minimisation and accountability for the personal data used. The purpose for processing the data and an appropriate lawful basis will be identified for the activity and for any determinations AI may suggest. The adoption of any outcome made by AI remains the responsibility of the data controller. The information rights will also be clearly upheld and in particular the right to question automated decision making. In such circumstances and as the law currently stands, such decisions if questioned must be reviewed by a natural living individual. Such reviews will be documented. Guidance from the UK regulator is limited but for reference, this is the most recent advice.  

6. Ethical AI Practices

6.1 Policy Statement: Our commitment to ethical AI is steadfast, guided by frameworks like the EU’s Ethics Guidelines for Trustworthy AI.

6.2 Key Strategies:

• Conducting regular ethical audits of our AI algorithms.

• Establishing clear processes for bias detection and mitigation.

7. Compliance and Oversight

7.1 Policy Statement: We ensure strict compliance with all relevant laws, regulations, and ethical standards in AI development.

7.2 Key Strategies:

• Establishment of an AI Ethics and Compliance Oversight Committee.

• Transparent reporting on compliance and ethical practices to stakeholders.

• Implementation of a comprehensive whistleblower policy.

8. Continuous Improvement and Adaptability

8.1 Policy Statement: We are committed to continuously updating our practices to stay aligned with evolving AI and data regulations.

8.2 Key Strategies:

• Bi-annual reviews of our AI policies and practices.

• Active engagement with stakeholders for feedback and policy improvement.

Conclusion

At Maybe*, we are dedicated to providing AI-driven diagnostic solutions that not only lead in technological innovation but also excel in security, compliance, and ethical responsibility. Our policies reflect our commitment to meeting the stringent requirements of our government clients and stakeholders, ensuring trust and credibility in all our engagements.

This document is a public declaration of our principles and practices in AI development and deployment, demonstrating our dedication to excellence and ethical responsibility in all aspects of our work.

For inquiries or more information, please contact pollyb@maybetech.com