Technology Ethics
AI Policy.
This policy governs how LEVERAGE CYBER uses artificial intelligence (AI) in our operations, services, and client engagements. It reflects our commitment to responsible AI use, transparency, and maintaining the highest standards of security and confidentiality.
Last Updated: April 2026
AI Principles
We apply the following principles to all AI-enabled activities within our organisation:
1. Accountability and Governance
We define the scope and purpose of AI-enabled activities and assess how they may affect service delivery, client outcomes, data handling, decision-making or operational risk. We apply oversight, testing and governance controls proportionate to the nature, scale and risk of the AI use.
2. Transparency of Use
We inform clients of relevant AI use in our tools, technologies, methodologies and automations, including internal and third-party solutions where this may affect the service, data handling, decision-making, contractual commitments or client risk. We explain how AI is used where relevant, including the potential benefits, limitations and risks to the client.
3. Documentation and Auditability
We document our AI use, including how services are delivered, conclusions reached, and standards met. We document validation, quality assurance and review processes to support reliable outcomes. Our AI use is traceable and reviewable, with records retained to support proportionate internal or external assurance where appropriate.
4. Boundaries and Control
We ensure suitably competent personnel retain oversight of AI-enabled activities, including autonomous or semi-autonomous activities. They review outputs, challenge decisions and intervene where needed. AI-enabled activities operate within defined organisational controls and, where relevant, client-agreed scope and boundaries. We use technical and procedural controls to prevent AI from being used outside its authorised purpose.
5. Data, Sovereignty and Client Control
We inform clients how AI-enabled activities may use their data, including whether data may be used to train models and whether data may be transferred outside their organisation, our organisation, or agreed jurisdictions. We handle client data in line with agreed legal, regulatory and contractual requirements. Client data is used and stored only within agreed purposes, controls and commitments.
6. Security and Confidentiality
We protect client data, prompts, outputs and AI-generated artefacts through appropriate technical and organisational controls. We are transparent with clients about how their data is secured where AI-enabled activities are used.
7. Secure Development of AI Tooling
We use secure development, integration and assurance practices for AI tooling. We review and maintain AI tools throughout their lifecycles to ensure they remain reliable and properly governed.
8. Supply Chain Assurance
We identify material third-party AI technologies and providers used in AI-enabled activities, and assess the associated security, compliance, resilience and operational risks. Where third-party AI use may materially affect service delivery, data handling, client commitments or continuity of service, we apply appropriate supplier governance and risk management controls. We are transparent with clients about relevant third-party AI dependencies where they may affect the service, contractual commitments or the handling of client data.
9. Resilience and Business Continuity
We identify material AI dependencies in service delivery and assess the impact if those systems fail or become unavailable. We maintain proportionate fallback or degraded operating arrangements where practical. We are transparent with clients about how AI disruption may affect service delivery, service levels, data handling, decision-making, reporting, continuity arrangements and recovery expectations.