AI Policy

Moch.IT AI Policy

Version: 1.0

Document Owner: Moch.IT
Prepared For: Moch.IT

Confidential Information

This document is the property of Moch.IT. It contains information that is proprietary, confidential, or otherwise restricted from disclosure. If you are not an authorized recipient, please return this document to the document owner.

Dissemination, distribution, copying, or use of this document in whole or in part by anyone other than the intended recipient is strictly prohibited without prior written permission of Moch.IT. Copyright © 2025.

Table of Contents

  • Document Revision History
  • 1 AI Policy
    • 1.1 Introduction
    • 1.2 Scope
    • 1.3 AI Roles and Responsibilities
  • 2 Policy
    • 2.1 Rules for Use
    • 2.2 Permitted AI Tools
    • 2.3 Misuse and Reporting
    • 2.4 Environmental Consideration
    • 2.5 AI Training and Awareness
    • 2.6 Data Privacy and GDPR Compliance
    • 2.7 Alignment with Other Organizational Policies
    • 2.8 Review of the AI Policy
    • 2.9 Reporting of Concerns
    • 2.10 Policy Exceptions
  • 3 Compliance Mapping
    • 3.1 ISO 42001 Compliance Mapping

Document Revision History

Status: Approved
Distribution: Moch.IT
Classification: Private

| Reviewer | Date | Version | Description | Comments |
|---|---|---|---|---|
| CEO | 22/08/25 | V1.0 | First draft | Approved |
| Director HR & Marketing | 9/10/25 | V1.0 | Reviewed the whole document | Approved |

AI Policy

1. Introduction

Artificial Intelligence (AI), particularly Generative AI and Large Language Models (LLMs), continues to transform how Moch.IT operates and delivers value to its clients. AI tools are designed to support—not replace—human insight, ethical judgment, and professional responsibility.

Generative AI tools (e.g., ChatGPT, Gemini) can assist with content research, creation, summarization, analysis, graphics, and language support. However, such tools must be used with caution, especially in a security-sensitive environment.

Our AI use is guided by the principles of legality, ethical responsibility, client confidentiality, and operational integrity.

2. Scope

This policy applies to all employees, contractors, and representatives of Moch.IT who may engage with or be impacted by AI technologies in the course of their duties.

  • AI tools must not be used in tasks involving surveillance data or client-sensitive information unless explicitly approved by a Director.
  • This policy is publicly available to ensure transparency with clients, partners, and regulators.

3. AI Roles and Responsibilities

Role / Responsibilities

CEO / Director
  • Provide leadership for responsible AI governance
  • Approve AI policy, tools, and risk frameworks
  • Ensure compliance with ISO 42001, GDPR, and EU AI Act
  • Allocate resources for training and audits

AI Governance Team
  • Maintain AI governance framework and risk registers
  • Conduct AI impact assessments
  • Monitor AI prompts, datasets, and configurations
  • Oversee audits and policy reviews

Prompt Engineers / Developers
  • Design and test AI prompts and datasets
  • Minimize bias and unintended behavior
  • Document performance and testing outcomes

Reviewers / Approvers
  • Verify AI-generated outputs before release
  • Ensure accuracy, ethics, and compliance
  • Escalate anomalies or risks

Employees / Contractors
  • Use AI tools according to approved policies
  • Avoid entering confidential data into AI systems
  • Report misuse or biased output immediately

Policy

Rules for Use

  • AI outputs must always be reviewed and fact-checked
  • AI-generated content must not be used without human validation
  • Confidential or personal data must never be entered into AI tools
  • AI must not make decisions impacting staff or clients without approval

Permitted AI Tools

  • ChatGPT (OpenAI)
  • Gemini (Google)
  • Microsoft Copilot (Microsoft 365 environment only)

Misuse and Reporting

  • Misuse must be reported immediately to the Director HR & Marketing
  • Intentional misuse may result in disciplinary action

Environmental Consideration

Moch.IT recognizes the environmental impact of AI technologies and commits to responsible usage to minimize digital carbon footprints.

AI Training and Awareness

Periodic AI training and awareness sessions will be provided. Mandatory training must be completed as assigned.

Data Privacy and GDPR Compliance

  • AI use must comply fully with GDPR
  • No personal or client data may be entered into AI tools without CEO approval

Alignment with Other Organizational Policies

  • Information Security Policy (ISO 27001)
  • Compliance Policy
  • Human Resource Policy
  • Incident Management Procedure

Review of the AI Policy

This policy is reviewed biannually or following significant legal or technological changes.

Reporting of Concerns

All AI-related concerns must be reported immediately. Anonymous reporting channels are maintained.

Policy Exceptions

Exceptions must be approved in writing by the CEO and documented for review.

Compliance Mapping

| Control # | Control Name |
|---|---|
| A.2.2 | AI Policy |
| A.2.3 | Alignment with Organizational Policies |
| A.2.4 | Review of AI Policy |