AI TrainingUser Community

Perseus AI Usage Policy

raia Compliance Analysis: Perseus AI Usage Policy

Executive Summary

Overall Compliance Status: ✅ EXCELLENT

raia demonstrates strong alignment with Perseus AI Usage Policy requirements, meeting or exceeding most criteria. As a Dedicated AI Tool under Perseus's definition, raia provides the security, privacy, and control features necessary for enterprise deployment while addressing the key risks identified in the policy.

Policy Classification

raia Classification under Perseus Policy

✅ raia qualifies as a "Dedicated AI Tool"

  • Uses customer input only to train/improve that customer's specific instance

  • Input is kept secure and isolated per customer

  • Provides enterprise-grade controls and security measures

  • Offered as a paid service with comprehensive SLAs

Detailed Compliance Analysis

1. Risk Mitigation Assessment

Perseus Risk Category

raia Mitigation

Compliance Status

Evidence

Privacy & Confidentiality

Customer data isolation, encryption, access controls

EXCELLENT

SOC 2 audit, HIPAA BAA

Information Security

Comprehensive security controls, monitoring, incident response

EXCELLENT

SOC 2 Type II, penetration testing

Intellectual Property

Clear IP ownership, customer data protection, licensing terms

EXCELLENT

Service agreements, IP protection

Validity Risks

Human-in-the-loop controls, RAG implementation, quality assurance

EXCELLENT

CoPilot monitoring, validation processes

2. Policy Statement Compliance

4.1 Communal AI Tool Restrictions (Not Applicable)

Status: ✅ N/A - raia is a Dedicated AI Tool

4.2 Evaluations Required

Status: ✅ COMPLIANT

  • raia provides comprehensive documentation for evaluation

  • Security and compliance package addresses all evaluation criteria

  • Technical specifications and risk assessments available

4.3 Approvals Required

Approval Type

raia Support

Status

Documentation Provided

Legal Approval

Comprehensive legal framework

SUPPORTED

Service agreements, DPAs, BAAs

Corporate IT Approval

Enterprise security documentation

SUPPORTED

SOC 2 audit, security architecture

4.4 Confidential & Personal Information Use

Status: ✅ FULLY COMPLIANT

raia Capabilities:

  • ✅ Dedicated customer instances with data isolation

  • ✅ Comprehensive encryption (AES-256 at rest, TLS 1.3 in transit)

  • ✅ HIPAA compliance for PHI handling

  • ✅ GDPR/CCPA compliance for personal data

  • ✅ Contractual data protection guarantees

  • ✅ Third-party audit verification (SOC 2)

4.5 Intellectual Property Use

Status: ✅ FULLY COMPLIANT

raia Protections:

  • ✅ Customer retains ownership of input data and IP

  • ✅ Clear licensing terms for AI-generated output

  • ✅ IP protection through encryption and access controls

  • ✅ No cross-customer data sharing or training

  • ✅ Contractual IP indemnification provisions

4.6 BU Policy & Standards Development

Status: ✅ SUPPORTED

raia Enables:

  • Access Control: Role-based permissions, MFA, granular access management

  • Technical Measures: SOC 2 certified security controls, encryption, monitoring

  • Secure Development: Code review processes, security testing, vulnerability management

4.7 Inventory & Ongoing Monitoring

Status: ✅ FULLY SUPPORTED

raia Provides:

  • ✅ Mission Control dashboard for usage tracking

  • ✅ Comprehensive audit logs and activity monitoring

  • ✅ Agent configuration management and version control

  • ✅ Usage analytics and reporting capabilities

4.8 Quarterly Certification

Status: ✅ SUPPORTED

  • raia provides audit trails and compliance reports to support certification

  • Comprehensive logging enables compliance verification

3. Guidance Section Compliance

5.1 Verification & Validation

Status: ✅ EXCELLENT

raia Implementation:

  • Human-in-the-Loop: CoPilot enables real-time monitoring and intervention

  • Output Review: Conversation scoring and quality assessment

  • RAG Implementation: Grounded responses with source traceability

  • Feedback Loops: Thumbs up/down with training integration

  • Secure Development: Code review, testing, validation processes

5.2 BU Approval Processes

Status: ✅ SUPPORTED

  • raia provides comprehensive documentation for management review

  • Security features, terms of service, and privacy policies clearly documented

5.3 Legal & IT Consultation

Status: ✅ FACILITATED

  • raia provides detailed technical and legal documentation

  • Security team available for technical consultations

  • Legal framework supports customer legal review processes

5.4 Access Control

Status: ✅ EXCELLENT

  • Granular role-based access controls

  • Data source restrictions and permissions management

  • Audit trails for all access activities

5.5 Reputation of AI Tools

Status: ✅ EXCELLENT

  • SOC 2 Type II certified with clean audit

  • Established vendor with comprehensive compliance program

  • Transparent security and compliance documentation

5.6 Transparency

Status: ✅ SUPPORTED

  • Clear disclosure capabilities for AI-generated content

  • Audit trails showing AI vs. human interactions

  • Compliance with transparency requirements

Appendix A: AI Tool Evaluation Criteria Analysis

Evaluation Criteria

raia Response

Status

Business issue addressed

AI agent deployment for sales, support, and business processes

CLEAR

How AI Tool will be used

Customer service automation, sales support, business process optimization

DOCUMENTED

Data used for prompting/training

Customer-provided knowledge bases, conversation data (isolated per customer)

CONTROLLED

Data sensitivity

Supports all sensitivity levels including PHI, PII, confidential business data

COMPREHENSIVE

Data ownership

Customer retains full ownership of input data

PROTECTED

Training data location

Secure cloud infrastructure with geographic controls

DOCUMENTED

Data transmission

TLS 1.3 encryption, secure API endpoints

SECURE

Access control

Role-based permissions, MFA, audit logging

ENTERPRISE-GRADE

Gap Analysis & Recommendations

✅ Strengths (No Gaps Identified)

  1. Dedicated AI Tool Classification - raia clearly qualifies as a dedicated tool with customer data isolation

  2. Comprehensive Security Controls - SOC 2 Type II certification covers all required security measures

  3. Privacy Compliance - HIPAA, GDPR, CCPA compliance addresses all privacy requirements

  4. Human Oversight - CoPilot provides required human-in-the-loop capabilities

  5. IP Protection - Clear contractual protections and technical safeguards

  6. Audit & Monitoring - Comprehensive logging and reporting capabilities

🎯 Implementation Recommendations

  1. Legal Review Process

    • Review raia service agreements, DPAs, and BAAs with Perseus legal team

    • Confirm alignment with Perseus contracting policies

  2. Technical Integration

    • Conduct technical review with Perseus Corporate IT

    • Validate integration with existing security and monitoring tools

  3. Pilot Deployment

    • Start with limited pilot deployment in controlled environment

    • Validate compliance controls and monitoring capabilities

  4. Policy Integration

    • Update BU-specific policies to include raia usage guidelines

    • Establish approval workflows for different use cases

Conclusion

raia demonstrates excellent alignment with Perseus AI Usage Policy requirements, meeting or exceeding all mandatory criteria for Dedicated AI Tools. The platform's SOC 2 Type II certification, comprehensive security controls, and privacy compliance framework directly address the risks and requirements outlined in the Perseus policy.

Key Advantages:

  • ✅ Qualifies as Dedicated AI Tool with customer data isolation

  • ✅ Comprehensive security and compliance certifications

  • ✅ Human-in-the-loop controls for oversight and validation

  • ✅ Clear IP protection and data ownership framework

  • ✅ Enterprise-grade access controls and monitoring

Deployment Readiness: raia is ready for deployment under Perseus AI Usage Policy with standard vendor management and legal review processes.

PreviousSecurity & Compliance Documents

Last updated