NeftalyP589-6-4: Neftaly Open AI Platform People Access Management Guidelines

Purpose:
The Neftaly Open AI Platform People Access Management Guidelines define the standards and procedures for granting, managing, monitoring, and revoking access to Neftaly’s OpenAI platform. The policy ensures that all users — employees, contractors, and partners — access the system responsibly, securely, and in alignment with Neftaly’s data protection, cybersecurity, and operational policies.


1. Scope

This guideline applies to:

  • All Neftaly employees, consultants, and third-party vendors who interact with OpenAI systems.
  • Departments utilizing OpenAI tools for research, administration, innovation, training, or project delivery.
  • Neftaly’s IT, HR, and Compliance teams responsible for user access governance.

It covers:

  • User access creation and removal.
  • Role-based permissions and access levels.
  • Authentication, monitoring, and incident reporting.
  • Auditing and accountability mechanisms.

2. Objectives

The objectives of this guideline are to:

  1. Safeguard Neftaly’s OpenAI platforms and data from unauthorized access or misuse.
  2. Establish a transparent, auditable, and standardized process for access management.
  3. Align AI access protocols with Neftaly’s IT Security (NeftalyP512-4) and Data Protection (NeftalyP402-3) policies.
  4. Ensure accountability and traceability for all actions performed on OpenAI platforms.
  5. Maintain compliance with OpenAI’s usage policies and with the cybersecurity and data protection laws applicable to Neftaly.

3. Governance and Oversight

3.1 Authority

The Chief Information Officer (CIO) and Chief Human Resources Officer (CHRO) are responsible for approving and enforcing access management procedures.
The IT Security Team administers technical access controls, while the Compliance Department monitors adherence to policy requirements.

3.2 Oversight Committee

The AI Access Governance Committee (AIAGC) — a sub-committee of the AI Governance Committee — oversees all user management operations.
Membership includes:

  • CIO (Chair)
  • HR Director
  • Head of IT Security
  • Compliance Officer
  • Data Protection Officer (DPO)
  • Departmental Access Coordinators

Responsibilities:

  • Approve new user role structures and access levels.
  • Review monthly access logs and incident reports.
  • Ensure all access aligns with organizational ethics and regulatory requirements.

4. Access Management Framework

4.1 Access Principles

Neftaly applies the following principles when managing OpenAI access:

  • Least Privilege: Users receive only the permissions essential for their job functions.
  • Need-to-Know: Access is limited to specific data or tools necessary for operational needs.
  • Accountability: All access must be traceable to an individual identity.
  • Separation of Duties: Critical tasks require multiple authorizations to prevent misuse.

4.2 Access Levels

Level                     | Description                                                                        | Authorized Roles
--------------------------|------------------------------------------------------------------------------------|---------------------------------------------
Level 1 – Basic           | Read-only access to AI interfaces for research, learning, or non-sensitive tasks.  | Students, interns, support staff.
Level 2 – Intermediate    | Access to AI generation tools and pre-approved API prompts.                        | Project officers, educators, developers.
Level 3 – Advanced        | Full API integration and model configuration privileges.                           | Senior developers, IT analysts, researchers.
Level 4 – Administrative  | System-wide management, billing, and usage analytics control.                      | CIO, IT Admins, Compliance Admins.

5. User Access Lifecycle

5.1 Access Request Process
  1. Submission: The employee or manager completes a Platform Access Request Form (PARF) through Neftaly’s internal portal.
  2. Approval:
    • Level 1–2 requests require line manager and IT validation.
    • Level 3–4 requests require CIO and Compliance approval.
  3. Verification: HR confirms the requester’s employment status and role.
  4. Account Creation: IT Security generates access credentials and assigns an API key if required.
  5. Notification: The user receives onboarding instructions and must sign the AI Access User Agreement (AIAUA).
5.2 Access Modification
  • Changes in role or department require a re-evaluation of access level.
  • The HR or Department Head must initiate a Change of Access Form (CAF).
  • Temporary elevation of privileges must not exceed 14 days and requires documented justification.
5.3 Access Revocation

Access is revoked:

  • Upon contract termination or resignation.
  • After project completion (for temporary users).
  • When a user violates Neftaly’s policies or security protocols.

HR and IT must collaborate to disable SSO access, and to revoke any API key issued under section 5.1, within 24 hours of employment termination.


6. Authentication and Identity Management

6.1 Login Credentials
  • Users must use their official Neftaly credentials integrated via Single Sign-On (SSO).
  • Passwords for the SSO identity used to reach the platform must comply with Neftaly’s strong password policy (minimum 12 characters, mixed complexity).
  • Multi-Factor Authentication (MFA) is mandatory for all accounts.
6.2 Session Management
  • Automatic logout after 15 minutes of inactivity.
  • Maximum of two concurrent active sessions per user.
  • Shared or generic accounts are prohibited.
6.3 Identity Verification
  • IT Security conducts identity verification for all external collaborators.
  • Contractors must provide valid agreements and proof of non-disclosure compliance before access activation.

7. Monitoring and Logging

7.1 Activity Logging
  • All OpenAI user interactions (prompts, outputs, API calls) are automatically logged.
  • Logs include user identity, timestamp, source IP address, usage metrics and, for API calls, the identifier of the API key used (never the key value itself).
  • Because prompts and outputs may contain personal or confidential data, the logs are themselves protected under the Data Protection policy (NeftalyP402-3), and access to them is restricted and logged in turn.
  • Logs are retained online for a minimum of 24 months for audit purposes and then archived to satisfy the five-year record retention requirement in section 10.3.
7.2 Real-Time Monitoring
  • The IT Department maintains an Access Monitoring Dashboard that displays active sessions, anomalies, and credit consumption.
  • Suspicious activity triggers automatic alerts to IT Security and Compliance.
7.3 Periodic Reviews
  • Monthly access audits are conducted by IT Security.
  • Quarterly reviews by the AIAGC ensure consistency and identify misuse or over-privileging.
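The reviews above check for rules this guideline states in measurable terms: the role-to-level table in 4.2, the 14-day elevation limit in 5.2, the 24-hour revocation window in 5.3, the two-session limit in 6.2, and contractor deactivation at project end in 9.2. As an added illustration, not tooling from Neftaly or from the original guideline, the Python script below applies those rules to constructed account and session records and reports each deviation. The record field names, the finding codes, and all sample users and dates are assumptions of the example.

```python
from datetime import datetime, timedelta

# Roles authorised at each access level, taken from the table in section 4.2.
LEVEL_ROLES = {
    1: {"student", "intern", "support staff"},
    2: {"project officer", "educator", "developer"},
    3: {"senior developer", "it analyst", "researcher"},
    4: {"cio", "it admin", "compliance admin"},
}
MAX_ELEVATION = timedelta(days=14)        # section 5.2
MAX_SESSIONS = 2                          # section 6.2
REVOCATION_WINDOW = timedelta(hours=24)   # section 5.3


def account(user, role, base_level, level=None, **extra):
    """Build an account record; field names are this example's own, not a Neftaly schema."""
    rec = {"user": user, "role": role, "base_level": base_level,
           "level": base_level if level is None else level,
           "elevated_since": None, "justification": "", "kind": "employee",
           "project_end": None, "terminated_at": None, "disabled_at": None}
    rec.update(extra)
    return rec


def review_accounts(accounts, sessions, now):
    """Return (user, finding_code, detail) tuples for every policy deviation found."""
    open_sessions = {}
    for s in sessions:                      # sessions still open at `now`
        if s["start"] <= now and (s["end"] is None or s["end"] > now):
            open_sessions[s["user"]] = open_sessions.get(s["user"], 0) + 1

    findings = []
    for a in accounts:
        user, role = a["user"], a["role"].lower()
        # 4.2: the role must be one authorised for the account's base level.
        if role not in LEVEL_ROLES.get(a["base_level"], set()):
            findings.append((user, "ROLE_LEVEL_MISMATCH",
                             f"{a['role']} is not an authorised role for level {a['base_level']}"))
        # 5.2: temporary elevation needs a justification and ends after 14 days.
        if a["level"] > a["base_level"]:
            if not a["justification"]:
                findings.append((user, "ELEVATION_UNJUSTIFIED",
                                 f"level {a['level']} held without documented justification"))
            if a["elevated_since"] is None or now - a["elevated_since"] > MAX_ELEVATION:
                findings.append((user, "ELEVATION_EXPIRED",
                                 f"elevation to level {a['level']} exceeds {MAX_ELEVATION.days} days"))
        # 9.2: contractor accounts are deactivated when the project ends.
        if (a["kind"] == "contractor" and a["project_end"] is not None
                and a["project_end"] < now and a["disabled_at"] is None):
            findings.append((user, "CONTRACTOR_OVERDUE",
                             f"project ended {a['project_end'].date()} but account is still enabled"))
        # 5.3: access is disabled within 24 hours of termination.
        if a["terminated_at"] is not None:
            deadline = a["terminated_at"] + REVOCATION_WINDOW
            if a["disabled_at"] is None and now > deadline:
                findings.append((user, "REVOCATION_MISSING", "terminated but still enabled"))
            elif a["disabled_at"] is not None and a["disabled_at"] > deadline:
                late = a["disabled_at"] - deadline
                findings.append((user, "REVOCATION_LATE", f"disabled {late} after the 24-hour deadline"))
        # 6.2: no more than two concurrent sessions; none at all on a disabled account.
        n = open_sessions.get(user, 0)
        if n > MAX_SESSIONS:
            findings.append((user, "TOO_MANY_SESSIONS", f"{n} open sessions, limit {MAX_SESSIONS}"))
        if a["disabled_at"] is not None and n > 0:
            findings.append((user, "SESSION_ON_DISABLED_ACCOUNT", f"{n} open sessions after disablement"))
    return findings


def run_example(now=datetime(2025, 3, 10, 9, 0)):
    """Constructed sample records (not real Neftaly data) exercising each check."""
    day, hour = timedelta(days=1), timedelta(hours=1)
    accounts = [
        account("alice", "Developer", 2, level=3, elevated_since=now - 20 * day,
                justification="Project X API integration"),            # elevated for 20 days
        account("bob", "Intern", 3),                                     # intern holding level 3
        account("carol", "Developer", 2, kind="contractor", project_end=now - 5 * day),
        account("dave", "Researcher", 3, terminated_at=now - 3 * day, disabled_at=now - 1 * day),
        account("erin", "Educator", 2),                                  # three live sessions
        account("frank", "IT Analyst", 3),                               # compliant
    ]
    sessions = [
        {"user": "erin", "session_id": "e1", "start": now - 3 * hour, "end": None},
        {"user": "erin", "session_id": "e2", "start": now - 2 * hour, "end": None},
        {"user": "erin", "session_id": "e3", "start": now - 1 * hour, "end": None},
        {"user": "erin", "session_id": "e0", "start": now - 9 * hour, "end": now - 6 * hour},
        {"user": "frank", "session_id": "f1", "start": now - 1 * hour, "end": None},
    ]
    return review_accounts(accounts, sessions, now)


if __name__ == "__main__":
    for user, code, detail in run_example():
        print(f"{user:6} {code:28} {detail}")
```

Run against the sample data, the script reports one finding each for alice, bob, carol, dave, and erin and nothing for frank; in practice the account records would be exported from the identity provider and the session records from the Access Monitoring Dashboard described in 7.2, with the output feeding the monthly audit.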

8. Incident Management

8.1 Reporting Protocol
  • Users must immediately report unauthorized access, credential theft, or anomalies to IT Security.
  • A Security Incident Report (SIR) must be completed within 24 hours of detection.
8.2 Response and Investigation
  • IT Security begins its investigation within 48 hours of the report and, if necessary, escalates to Compliance and Legal.
  • Temporary suspension of accounts may occur during investigations.
  • Findings are documented and presented to the AIAGC.
8.3 Remediation
  • Identified security vulnerabilities must be patched within seven (7) working days; credentials or API keys confirmed as compromised are revoked immediately, not on the seven-day schedule.
  • Policy breaches result in corrective or disciplinary action under Neftaly HR Policy (NeftalyP120-1).

9. Third-Party and Partner Access

9.1 External Partner Requirements
  • External entities using Neftaly’s OpenAI resources must sign a Data Protection and AI Ethics Agreement (DPAEA).
  • Access is limited to specific timeframes, projects, or collaborations.
  • External users undergo orientation on Neftaly’s AI use and confidentiality policies.
9.2 Contractor Management
  • Contractors receive separate credentials managed under a temporary access control system.
  • All contractor accounts must be reviewed monthly and deactivated upon project completion.
9.3 Vendor Integration
  • Vendors integrating OpenAI APIs into Neftaly systems must undergo security testing and risk assessment.
  • Integration contracts must outline responsibilities, data-sharing limits, and liability terms.

10. Compliance and Audit

10.1 Internal Compliance
  • The Compliance Department conducts semi-annual audits to verify adherence to access management standards.
  • Non-compliance findings are reported to the COO and CIO with recommendations for remediation.
10.2 External Audit
  • External IT security audits are performed annually to assess platform access risks.
  • Results contribute to continuous improvement of the access framework.
10.3 Record Retention
  • All access forms, logs, and audit reports are retained for five (5) years.
  • Records are securely stored in Neftaly’s compliance repository.

11. Training and Awareness

11.1 Mandatory Induction
  • All users must complete AI Access Orientation before receiving credentials.
  • The training covers data security, ethical AI use, and the reporting protocols in section 8.
11.2 Refresher Courses
  • Annual refresher courses are required for all OpenAI users.
  • Departments receive tailored sessions based on their risk exposure and usage level.
11.3 Certification
  • Certified AI Access Managers (AAMs) are appointed within each department to oversee compliance and mentoring.

12. Enforcement and Sanctions

12.1 Disciplinary Measures

Policy violations may result in:

  • Written warnings or retraining (for minor breaches).
  • Suspension or revocation of access.
  • Termination of employment for severe or repeated misconduct.
  • Legal action in cases of intentional data compromise.
12.2 Appeal Process

Users may appeal disciplinary decisions by submitting a formal appeal to the HR Director within seven (7) days of notification.


13. Review and Policy Updates

  • This policy is reviewed annually or whenever OpenAI introduces major security or platform changes.
  • Updates must be approved by the CIO and CHRO and communicated to all employees.
  • A summary of revisions is published on the Neftaly Policy Portal.

14. Conclusion

The Neftaly Open AI Platform People Access Management Guidelines ensure that every individual with access to Neftaly’s AI ecosystem operates under clear, secure, and auditable rules. Through transparency, training, and rigorous oversight, Neftaly protects its digital integrity while empowering innovation and collaboration within ethical and lawful boundaries.
