Purpose:
Defines procedures and responsibilities for creating, managing, monitoring, and maintaining Neftaly OpenAI platform accounts, ensuring security, compliance, and ethical use.
Scope:
Covers all Neftaly employees, contractors, and partners accessing OpenAI tools.
Objectives:
- Secure and controlled access.
- Data integrity and confidentiality.
- Support for innovation and productivity.
- Prevention of misuse or unauthorized access.
- Alignment with Neftaly ethical standards.
Governance and Roles:
- IT Department: Account setup, security monitoring, deactivation.
- Department Heads: Authorize account requests.
- Users: Follow data protection and responsible usage policies.
- Compliance Officers: Audit usage and ensure policy compliance.
Account Lifecycle:
- Creation: Approved by IT, tied to official credentials; personal accounts prohibited.
- Access Permissions: Role-based, least-privilege principle; MFA enabled.
- Monitoring: Regular audits; inactive accounts suspended.
- Deactivation: Upon termination, role change, or misuse; documented for compliance.
Data Protection & Privacy:
- Sensitive data must follow Neftaly Data Protection policies.
- PII and proprietary information must be managed carefully.
- Anonymization is required where possible.
Responsible AI Use:
- Alignment with Neftaly AI ethics.
- Human review required for critical outputs.
- No personal profit or external commercial use.
Security Controls:
- Encryption, MFA, auditing, and incident response measures enforced.
Compliance & Auditing:
- Quarterly reviews and annual audits.
- Mandatory user training.
- Violations lead to disciplinary measures.
Monitoring & Reporting:
- Centralized dashboard for account activity.
- Reports to senior management and IT for accountability.
Policy Review:
- Annual review or when technological, regulatory, or operational changes occur.
Conclusion:
Ensures responsible, secure, and ethical management of Neftaly OpenAI accounts, enabling operational efficiency, innovation, and compliance.