Sure Oak Solutions - AI Usage Policy

Effective Date: June 2025

1. Purpose

As regulatory scrutiny and client expectations rise, compliance with AI standards is not just a legal obligation—it’s a strategic differentiator. Sure Oak Solutions is committed to meeting the highest benchmarks for ethical AI usage, data protection, and transparency. This AI Usage Policy (the “Policy”) establishes clear expectations and guidelines for the responsible, ethical, and secure use of artificial intelligence (AI) tools at Sure Oak Solutions. It reinforces our human-first approach by defining AI’s unique role as a brush in the artist’s kit. We believe AI should support—but never replace—human judgment.

2. Scope

This Policy applies to all employees, contractors, vendors, and partners who use or interact with AI technologies on behalf of Sure Oak Solutions.

3. Guiding Principles

  • Transparency: Disclose when and how AI is used in content creation or decision support. All AI-assisted deliverables must note the extent of AI involvement, either via documentation or client communications
  • Accountability: Humans remain fully responsible for outcomes. AI tools are assistants; final review, quality assurance, and decision-making lie with designated team members
  • Privacy & Data Security: Only approved AI platforms may process sensitive or customer data. No personal, client, or proprietary data shall be submitted to unvetted AI services
  • Beneficence & Ethics: AI usage should aim to enhance creativity, efficiency, and client value, while avoiding harm, misinformation, or manipulation

4. Approved AI Platforms

The following AI-enabled platforms have been vetted for security, privacy, and compliance. Use of any other AI tools for company or client work requires advance approval.

  • Asana
  • Canva
  • ChatGPT
  • Fathom
  • Google Gemini
  • HubSpot
  • QuickBooks
  • PandaDoc
  • Slack
  • Zapier

5. Responsible Use and Prohibited Scenarios

Responsibilities:

  • Obtain training before using any AI tool
  • Document AI usage in project notes or client deliverables
  • Flag and correct any AI-generated errors

Do Not Use AI For:

  • Automated content publication without human review or disclosure
  • Processing or storing personal customer data in unapproved tools
  • Creating deepfakes, impersonations, or misleading representations
  • Unethical SEO tactics or fake reviews/testimonials
  • Autonomous decision-making in client strategies without oversight

6. Privacy & Security Measures

  • All AI integrations must comply with our Data Protection and Privacy policies
  • Sensitive or regulated data must be handled only by tools compliant with SOC 2 or more advanced frameworks (e.g., ISO 27001, HITRUST, or equivalent)
  • Regular audits will verify that AI platforms adhere to our security standards
  • Evaluate and incorporate emerging AI-related compliance frameworks such as ISO/IEC 42001, ISO 27001, and HITRUST AI Risk Assessments as part of our ongoing commitment to AI governance

7. Training & Awareness

  • Mandatory onboarding and annual refresher training on AI ethics, tool-specific best practices, and security risks
  • Easily accessible guides and documentation for each approved platform
  • A clear process for identifying and addressing AI-related issues or ethical concerns
  • Team members involved in security, compliance, or client delivery should be familiar with evolving AI governance frameworks (e.g., ISO/IEC 42001) and how our tools and practices align with these

8. Implementation & Continuous Improvement

  • Project managers and team leads must enforce this Policy in all AI-assisted initiatives
  • Regular reviews of AI tool performance, compliance, and ethical considerations
  • Feedback loops to update guidelines as technology and regulations evolve
  • Prepare for AI-specific audits by reviewing alignment with ISO/IEC 42001, HITRUST, and other applicable standards, and documenting AI workflows in ways that support audit readiness
  • Where multiple compliance obligations exist, pursue audit harmonization strategies to streamline review processes, reduce duplication, and enhance efficiency across frameworks

9. Compliance & Enforcement

Violations of this Policy may result in disciplinary action. All incidents will be investigated in line with Company disciplinary procedures.

10. Policy Review

This Policy will be reviewed in full on an annual basis and updated periodically, as new developments require, to reflect changes in AI technology, legal requirements, and industry best practices.

Last Updated: June 9, 2025