Responsible Use of AI

Effective Date: November 2025

  1. Purpose and Commitment
    Validfor OÜ is dedicated to using Artificial Intelligence (AI) in a way that enhances data integrity, documentation accuracy, and operational efficiency while fully preserving compliance, privacy, and human judgment.
    Our AI-assisted technologies are designed to support validation and quality operations in highly regulated industries without automating or replacing critical human oversight.
  2. Applicability
    This policy applies to all Validfor employees, contractors, and approved collaborators involved in designing, developing, maintaining, or using AI capabilities within Validfor’s products or internal processes.
    It also governs any research, documentation, or creative work performed with the assistance of external AI tools under the Validfor name.
  3. Core Principles for AI at Validfor
  • Human-Centered Design:AI serves as a decision-support tool; human experts remain fully responsible for outcomes and approvals.
  • Compliance First:All AI activities must align with international regulatory frameworks such as GAMP 5, Annex 11, 21 CFR Part 11, and GDPR.
  • Fairness and Explainability:Models must be reviewed to minimize bias and ensure that recommendations are interpretable and traceable.
  • Risk-Based Validation:AI functionality is validated proportionally to its impact on regulated processes.
  • Ethical Conduct:All AI applications must respect intellectual property, confidentiality, and fundamental human rights.
  1. Governance and Tool Approval
    The Chief Technology Officer (CTO) is responsible for maintaining an internal registry of authorized AI and generative-AI tools.
    Only tools that meet defined security, privacy, and data-handling standards may be used.
    Employees who wish to suggest additional tools must submit a formal request for security review and technical testing before adoption.
  2. Acceptable Use and User Responsibilities
  • Confidential client data, proprietary information, or personally identifiable data must never be entered into any commercial or public AI service.
  • Prior to using any AI tool, staff must:
    Obtain written supervisor approval.
    • Complete internal Responsible AI Use training.
    • Accept and sign the AI usage conditions.
  • Only company-issued accounts may be used; personal logins are strictly prohibited.
  • Users must choose privacy settings that disable data retention and opt out of model training whenever possible.
  • AI tools may only be accessed via approved browser interfaces; downloads or local installations are not permitted.
  1. Safeguarding Data and Privacy
    Validfor handles all personal and customer data in compliance with itsPrivacy Policyand applicable data-protection laws.
    Any accidental disclosure or potential data breach involving AI tools must be reported immediately to the Information Security Team or the Data Protection Officer.
  2. Client Data Isolation and Security
  • Every customer operates in an isolated, validated instance of the Validfor platform.
  • No customer data is transferred to external AI services or used to train third-party models.
  • All AI processing occurs within Validfor’s controlled infrastructure under documented access management.
  • Regular internal audits verify data segregation, logging, and system integrity.
  • Clients maintain full visibility over how their information is accessed and processed.
  1. Oversight, Accuracy, and Quality Control
  • All AI-generated outputs must be reviewed by qualified personnel before being used in official documentation or communications.
  • AI assistance may not be used for critical validation decisions or regulatory submissions without explicit CTO approval.
  • All AI interactions are logged within the platform’s audit trail for traceability and accountability.
  1. Suitable Applications of AI
    AI may be used for non-critical and clearly supervised purposes such as:
  • Drafting internal technical notes, reports, or templates.
  • Conducting background research using publicly available data.
  • Preparing training or awareness materials.
  • Supporting analytics for internal performance insights that do not affect regulatory deliverables.
  1. Continuous Review and Improvement
    This policy will evolve alongside technological and regulatory developments.
    Employees are encouraged to share practical experiences and insights to help refine Validfor’s approach to responsible AI use across all teams.
  2. Compliance and Enforcement
    All personnel must adhere to this policy. Breaches may result in disciplinary measures, access restrictions, or contractual review.
    The Legal & Compliance Department, in collaboration with the CTO and DPO, monitors policy enforcement and provides advisory support on complex AI-related cases.
  3. Closing Statement
    Validfor OÜ integrates AI with the same rigor it applies to validation itself through documented control, transparency, and verification.
    By following this policy, we ensure that innovation serves compliance, and that every AI-assisted outcome strengthens rather than risks trust, ethics, and regulatory confidence.

Contact for Compliance Matters: info@validfor.com