Part 1
Use policy or technology policy? Two sentences, two jobs
These two sentences both appear in 'AI policies', but they answer different questions. Telling them apart is the whole job of this module.
- Technology policy: 'Approved AI services are the enterprise tiers of Tool X and Tool Y, provisioned through IT with SSO and data-processing terms in place.'
- Use policy: 'Employees may use approved AI to draft and summarize sanitized internal work; they may not enter regulated or customer data, and any external-facing output requires named human review.'
- The technology policy governs what is procured and configured. The use policy governs what people may do. A company needs both; this module produces the intake for the use policy.
Quick check · <30 sec
'Customer records may never be pasted into a consumer AI tool' belongs in which policy?
- A. Technology policy
- B. Use policy
- C. Neither
- D. Both, identically