Skip to content

May 2023 Newsletter

Common Controls Hub

Unified Compliance Newsletter

May 2023

AI and Natural Language Processing

Newsletter Highlights

AI Data and Licensing Concerns

ChatGPT for Compliance

LogicGate’s Automated Platform

Get the Help You Need, Now!

New Opportunities - Jobs

Upcoming Documents

Authority Documents

Newsletter: Read Past Editions

Suggestions/Comments: Email Us


There are Both Data Protection AND Licensing Concerns When Using AI Tools


Generative Artificial Intelligence (GAI) applications don't only use scraped information for training purposes, but also retain all the information they are given for future use and training. If you haven't figured it out yet, there are reasons to be concerned about data ownership, data privacy, etc. This will undoubtedly unfold over the next 12 months or so.

Throughout April and May 2023, Italy, Spain, and the European Data Board weighed in on scraped content used in TDM, LLM, and GAI engines. As a result, the Italian Data Protection Agency (GPDP) has temporarily limited how OpenAI, the US-based company that develops and manages the platform, can process Italian users' data.

Additionally, the European Union's privacy watchdog CNIL has requested a privacy evaluation of OpenAI's ChatGPT. The European Data Protection Board (EDPB) formed a task force to foster cooperation and exchange information on possible enforcement actions. In the US, the Biden administration is looking at GAI tools and whether they should be regulated.

Read our paper for a deeper look at data protection licenses that could be affected (and could affect how you use GAI tools).


You can use ChatGPT for Compliance Document Authoring if You Do It With Care


ChatGPT and other new Artificial Intelligence programs have a lot of potential uses for businesses. But before using them to make rules and guidelines for a company, there are some things to think about.

First, let's talk about how they work. ChatGPT uses a system called "Generative Pre-trained Transformer" to predict how words and phrases go together. When you ask it a question, it uses this system to generate an answer.

But there are some issues to consider. Sometimes the answers ChatGPT gives might not be accurate or correct. This can happen for different reasons, like if the question is too complicated. Also, the way that ChatGPT learns can sometimes create biased responses based on things like the information it was trained on.


Another thing to think about is attribution. ChatGPT doesn't always tell you where it got its information from, but you can ask it to use a certain citation style to make it easier to check. However, sometimes the links it provides don't work, so you have to be careful.


So, can you use ChatGPT to make rules and guidelines that will hold up under review? Yes, as long as you can explain how you got the information and how it fits with the regulations you need to follow.

Checkout our paper on this exact scenario.


LogicGate’s Automated Platform


Here is what it can do for you.

LogicGate’s automated platform is focused on creating implementation workflows that are absolutely necessary for continuous compliance. In addition, their no-code tools enable our joint clients to drag-and-drop workflows to build custom templates for themselves. For instance, there’s a custom workflow that routes authority document lists to the appropriate roles for approval as a precursor to running a compliance program. Want to learn more? Go here to request a demo.


Get the Help You Need, Now!


We know the UC may appear to some as intimidating and confusing - when first using the CCH, But it isn't. We also know it's hard to ask for help when almost everyone using the UCF is technologically savvy! So we are shining the light for all who want to learn the easy way and who might be shy about asking for some help. We know how that feels and are thrilled to offer our assistance. We want to talk to you and make using the UCF and the CCH as easy as possible. 

You can contact people who will walk you through using the UCF, or checkout our FAQs on how and why to use it.  In addition, we have comparison information and a whole bunch more.


New Opportunities - Jobs



Upcoming Documents


The UCF team has plans to map the following Documents:

This Month:

ISO/IEC 13443, Information technology — Artificial intelligence — Guidance on risk management [AD 3611]
NI5T SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final) [AD 3566]

BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0 [AD 3579]

This Quarter:

Iowa Code Annotated, Section 715D, An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions [AD 3613]

Next Quarter

Australian Government Information Security Manual, December 2022 [AD 3595]


Authority Documents


What's new and popular in the CCH?  

Here is the list of the 50 Monthly Selected Authority Documents, including how many groups and initiatives each Authority Document has been assigned!  

See the list below for Authority Documents published since our last newsletter

Configuration Management

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
NCSC CAF guidance, 3.1 [AD: 3612]

Cybersecurity

National Cybersecurity Strategy [AD:3598
NCSC CAF guidance, 3.1 [AD: 3612]
2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
Cloud Security Guidance, 2 [AD: 3610]
NCSC CAF guidance, 3.1 [AD: 3612]

IT Security

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
Cloud Security Guidance, 2 [AD: 3610]
NCSC CAF guidance, 3.1 [AD: 3612]

Monitoring and Reporting

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
NCSC CAF guidance, 3.1 [AD: 3612]

Operational and Systems Continuity

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
NCSC CAF guidance, 3.1 [AD: 3612]

Privacy

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
NCSC CAF guidance, 3.1 [AD: 3612]

Product Design and Development

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]

Records Management

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
NCSC CAF guidance, 3.1 [AD: 3612]

Risk Management

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
NCSC CAF guidance, 3.1 [AD: 3612]

Third Party and Supply Chain Management

2019 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus - 2022) [AD: 3609]
NCSC CAF guidance, 3.1 [AD: 3612]

Which Authority Documents are most important to you? Submit a request here.


Newsletter: Read Past Editions


Want to read the news released about Unified Compliance? All released newsletters are posted the same day they are emailed. Check out post UCF news. Read our Newsletters.


Suggestions/Comments: Email Us


Thanks for Reading our newsletter. If you have any suggestions or comments, please, email us

Best Wishes,

Aubrey Bousley, Account Manager

and the UCF Sales Team

702.805.2613
abousley@unifiedcompliance.com

linkedin

twitter

facebook

Unsubscribe / Preferences | Privacy Policy 

Copyright © 2022 UnifiedCompliance.com All Rights Reserved.

Unified Compliance · 10161 Park Run Dr. Suite 150 · Las Vegas, NV 89145 · USA