Capital Edge Consulting Group LLC

1. Purpose

This policy defines how Capital Edge Consulting Group uses artificial intelligence (AI) in a manner consistent with information security, confidentiality, integrity, and availability principles commonly reflected in ISO/IEC 27001–aligned management systems.

The objective is to enhance service quality and efficiency while maintaining appropriate data governance, human oversight, and accountability.

2. Scope

This policy applies to AI-enabled tools, including retrieval-augmented generation (RAG), used in the delivery of:

• Certification readiness and gap assessments

• Management system documentation development

• Ongoing compliance monitoring and advisory support

AI tools are used in support of professional services, not as autonomous decision-makers.

3. Information Security Principles

Capital Edge Consulting Group applies the following information security principles to AI use:

• Confidentiality: Client information is accessed only by authorized personnel and systems for approved service purposes.

• Integrity: AI-assisted outputs are reviewed and validated to prevent unauthorized or unintended modification of conclusions or deliverables.

• Availability: AI tools are used in a manner that supports continuity of service without creating single points of failure or operational dependency.

These principles align with commonly accepted ISO/IEC 27001 control objectives.

4. Data Governance and Handling

• Client data is used solely to perform contracted services

• Data access is limited to authorized personnel based on role and need-to-know

• AI tools are configured to respect contractual confidentiality and access controls

• Client information is not used to train public or third-party AI models outside the service context

• Data retention and disposal follow contractual and business requirements

Capital Edge Consulting Group does not use AI tools to independently store, reuse, or repurpose client data beyond the engagement scope.

5. Human Oversight and Control

Consistent with ISO-aligned governance expectations:

• All AI-assisted outputs are subject to human review and approval

• Consultants retain responsibility for professional judgment and conclusions

• AI tools do not make final determinations, certifications, or audit decisions

• Management system recommendations are validated for contextual accuracy

AI is treated as a supporting control, not a primary control.

6. Risk Management

AI use is evaluated as part of operational risk considerations, including:

• Appropriateness of AI use for the task

• Sensitivity and classification of information involved

• Potential impact of errors or misuse

• Dependency and reliability considerations

Where AI use presents elevated risk, additional review or alternative methods are applied.

7. Client Responsibility and Assurance Limitations

• Clients retain responsibility for implementation, operation, and compliance

• AI-assisted services do not constitute certification, assurance, or audit opinions

• Certification outcomes remain the responsibility of accredited certification bodies

• AI use does not guarantee outcomes or eliminate operational risk

8. Continuous Review and Improvement

Capital Edge Consulting Group periodically reviews AI usage practices to reflect:

• Changes in regulatory or certification expectations

• Information security best practices

• Client contractual requirements

Updates are made to ensure continued alignment with responsible governance principles.

9. Client Inquiries

Clients may request additional information regarding AI usage, data handling, or governance controls applicable to their engagement.

Effective Date: September 1, 2025
Policy Owner: Capital Edge Consulting Group