Risk-based approach at Unique

GenAI solutions introduce heightened risks, and we must deal with them proactively to protect our clients' (sensitive) data. This article outlines the risks associated with GenAI solutions and the mitigation actions Unique takes (additional mitigation actions may be agreed upon individually with clients).

Unique is committed to effectively managing risks within the ISO 9001 and ISO 27001 standards, ensuring the highest standards of quality and effectiveness. Unique has established a comprehensive risk management framework that is mandatory for all employees. This framework has been presented and agreed upon by our management team and acknowledged by the board of directors. It is regularly updated and reviewed by the DPO, CISO, management team, and board of directors.

Risk types and mitigation actions

Privacy Risk

Security Risk

  • Risk: Misuse of GenAI technology

  • Solution: AI and data governance, external audits, bug bounty, TOMs, encryption, backups

Accuracy Risk

  • Risk: inaccurate or inconsistent output

  • Mitigation: GenAI guidelines and policies, responsible AI guidelines, T&Cs, feedback loop, AI Governance

Fairness Risk

Legal Risk

  • Risk: IP infringements and copyright violations

  • Mitigation: adjust our contracts, T&Cs, MS liability for copyright infringements

Unique’s approach to risk management

Every Unique employee can detect and report risks in Unique’s risk registers (ISMS for IT risks and QMS for strategic, operational and financial risks, in line with the ISO 27001 and ISO 9001 certifications). Unique follows a risk-based approach that involves regular reviews of key risks.

  • Monthly risk review by CDO and CISO

  • Quarterly risk review by the Executive Team

  • Bi-annual risk review by the Board of Directors

  • Annual re-certification by auditing company

 


 


Author

@Sina Wulfmeyer

 

© 2024 Unique AG. All rights reserved.