By Need

By Industry

By Function

Cybersecurity & Risk Management

The Executive's Guide to Crafting an AI Usage Policy

In a recent study, a staggering 70% of employees said using Artificial Intelligence (AI) tools made them more productive. This statistic is a testament to the transformative power of AI, underscoring its role as a critical lever for operational efficiency and innovation. However, in my role as Chief Operating Officer (COO) at Blue Mantis, I am concerned about any potential risks to our operational efficiency. While generative AI is marketed and sold as a cloud-based productivity enhancer, these new AI tools such as ChatGPT and others can introduce cybersecurity risks like:

  • Compromising the confidentiality of your corporate intellectual property through data leakage.
  • Exposing your organization to legal action if AI “borrows” from existing code without a license.

The consensus among visionary leaders—from CEOs to IT experts and legal professionals—is clear: deploying AI successfully at an organization requires a comprehensive AI policy. This is the ethos behind Blue Mantis’ own proactive approach to AI integration, ensuring that we leverage its benefits while addressing the associated challenges head-on. The lessons we learned in crafting our own internal AI data security policy now informs how we develop AI policies for our external customers.

The Business Benefits of AI Adoption

Adopting AI tools like Microsoft Copilot brings a plethora of benefits to both commercial and public sector organizations. For example:

  • Improving Sales Analytics: AI can analyze sales data in real-time, offering insights that lead to more effective sales strategies and improved revenue.
  • Enhancing Customer Service: By implementing AI-driven chatbots, organizations can offer 24/7 customer support, significantly improving customer satisfaction.
  • Reducing Manual Tasks: AI automates routine tasks, allowing employees to focus on more strategic activities. For example, an accounting firm could use AI to automate data entry, cutting down processing time by 50% or more.
  • Increasing Performance and Efficiency: AI tools can optimize operations across the board, leading to overall enhanced performance.

Crafting an AI Policy at Blue Mantis

At Blue Mantis, we’ve taken proactive steps to harness the power of AI while safeguarding our operations against potential pitfalls. By bringing together our internal experts in cybersecurity and cloud technologies, in collaboration with external legal counsel, we’ve developed a comprehensive AI usage policy tailored to our unique needs. This journey of policy creation was not only about protection but also about paving the way for innovation. Our experience in developing Blue Mantis’ AI policy has become a cornerstone for advising our clients, enabling us to offer bespoke AI data security policies that resonate with their specific requirements.

Navigating AI Policy Risks

While the advantages of AI are immense, the risks cannot be ignored. Organizations must effectively manage these risks to comply with local laws and maintain ethical standards. Key areas of concern include data privacy, security vulnerabilities, and the potential for biased decision-making (which brings to mind when a New York lawyer relied on ChatGPT to write his legal brief for him but was in trouble because the AI made up a list of fake court cases complete with bogus “expert” quotes and citations). At Blue Mantis, our AI policy addresses these challenges head-on, ensuring that our use of AI remains responsible and transparent.

The Blue Mantis AI Policy Framework

Our AI usage policy encompasses five critical areas:

  1. Important Terms Related to AI: Defining AI and related concepts to ensure clarity and understanding across the organization.
  2. Risks of AI: Identifying potential risks, from security breaches to ethical dilemmas, and outlining strategies to mitigate them.
  3. Prohibited Uses of AI: Setting clear boundaries for AI usage to prevent misuse and protect against legal and ethical violations.
  4. Requirements of AI Usage Compliance: Outlining the steps and standards for compliant AI use within the organization.
  5. Consequences of AI Policy Violation: Establishing accountability by detailing the repercussions of not adhering to the policy.

Partner with Blue Mantis to Craft a Corporate AI Policy

The journey toward AI integration is both exciting and complex. At Blue Mantis, we’ve navigated this path ourselves and are now ready to guide others through it. We have several offerings for executives wanting to integrate AI into their business processes, including comprehensive security and policy assessments. Our expertise in AI deployment reaches across cloud, data center, network, and cybersecurity to ensure you have a holistic strategy for deploying AI—especially for organizations with investments in Microsoft Azure, Office 365, and the entire Microsoft ecosystem.

If you’re an IT or business leader at a commercial and public sector organization of any size, I invite you to connect with Blue Mantis. Let’s meet the future of AI in the workplace so you can see how our expertise in crafting customized AI usage policies can secure your operations and unleash the full potential of AI in your organization.

Jay Pasteris headshot.

Jay Pasteris

Chief Operating Officer

As Chief Operating Officer at Blue Mantis, Jay Pasteris is responsible for all end-to-end operations of the organization, including ultimate ownership of all data, IT, and organizational risk.  Additionally, he oversees the HR function and is responsible for building, managing and maintaining a world-class talent pool in the U.S., Canada and India.  

Formerly CIO and CISO, Jay was promoted to COO in April 2024. In his new role, Jay continues to oversee the company’s IT and cybersecurity operations and he serves as an invaluable client-facing resource from an advisory and problem-solving perspective.  

Jay is a highly accomplished senior business technology executive with experience in aligning technology with business strategy and driving innovation across organizations. His deep experience as a vision-driven technology leader and his history of successfully delivering enterprise technology solutions has enabled him to build high-performing and results-driven technology teams that not only deliver business value, but transform organizations to excel in the digital era. 

Before joining Blue Mantis in 2021, Jay served as the CIO and CISO for the Massachusetts Medical Society / New England Journal of Medicine; senior vice president of global IT for Houghton Mifflin Harcourt; and CIO and CISO for Veracode—a Boston-based cyber security firm. Throughout his career, Jay has been responsible for leading and delivering scalable enterprise technology solutions; product engineering; global infrastructure; end-user experience; and security and compliance across cloud and software-as-a-service platforms.