Develop, implement, and manage artificial intelligence solutions in an ethical, secure, transparent, and people-centered manner that generate sustainable value for customers and communities by optimizing processes and supporting decision-making, in compliance with applicable legal, regulatory, and policy requirements.
Justification
At Sofis Solutions, we understand that artificial intelligence (AI) represents a transformative opportunity to improve the lives of communities and individuals, optimize public and private processes, and advance toward sustainable development. As a company committed to ethics, transparency, and social impact, we take responsibility for ensuring that the design, development, implementation, and operation of AI systems are carried out in a reliable, secure, and people-centered manner.
This policy establishes the framework of principles and commitments that guide our management of artificial intelligence in alignment with our mission, organizational values, and the requirements of the ISO/IEC 42001:2023 standard.
Scope
This policy applies to all processes, projects, solutions, and services developed or provided by Sofis Solutions that incorporate artificial intelligence or automated decision-making capabilities, including those offered to clients in the public, private, and international cooperation sectors.
Audience
Internal audience
All Sofis Solutions employees, regardless of their role or location.
Teams specializing in the development, implementation, testing, and maintenance of AI-powered solutions.
Project managers and functional managers.
Committee or officials responsible for AI governance and ethics.
Functional areas involved in the provision or oversight of AI (cybersecurity, quality, legal, HR).
External HearingPublic hearing
Customers and strategic partners who use, purchase, or integrate AI solutions from Sofis Solutions.
Suppliers and third parties that provide data, models, algorithms, or AI infrastructure.
Regulatory and certification bodies that audit or oversee the AI management system.
Communities and end users of the solutions, where applicable, with regard to transparency and the right to information.
Responsibilities
Senior management
Approve the AI Policy and its revisions.
Ensure that the necessary human, technical, and financial resources are available for its implementation.
Periodically review the effectiveness of the AI management system.
AI Lead / AI Governance Committee
Lead the implementation and maintenance of the AI Management System.
Ensure compliance with the policy in all projects and services.
Coordinate the risk and impact assessment of AI systems.
Approve or reject high-impact AI projects before they are deployed.
Project Managers / Technical Leaders
Integrate the principles and commitments of the policy into the lifecycle of AI systems.
Ensure the quality, traceability, and security of data and models.
Report incidents, deviations, or nonconformities related to AI.
Cybersecurity / Information Security Division
Implement and monitor protective measures against specific AI threats.
Integrate security requirements into the development, operation, and maintenance of AI.
Legal and Compliance Department
Verify compliance with data protection laws, copyright laws, industry regulations, and contractual requirements applicable to AI.
All employees and contractors
Understand and comply with the policy in activities involving AI.
Participate in training and awareness-raising activities.
Report any concerns, risks, or incidents to the AI lead.
Company Commitments
As part of its Artificial Intelligence Management System, Sofis Solutions is committed to:
Comply with applicable laws and regulations, including data protection laws, industry regulations, and international ethical frameworks applicable to AI.
Design and implement AI risk management processes, covering technical, social, legal, and ethical aspects.
Assess the potential impact of AI systems, especially when they directly affect individual rights or critical decisions.
Ensure data quality and governance, including the traceability, integrity, and representativeness of the data used to train models.
Promote continuous improvement of the AI management system through internal audits, management reviews, and periodic updates to this policy.
Promote staff training and awareness so that everyone involved understands the principles and risks associated with the use of AI.
Establish governance mechanisms, such as ethics committees or technical reviewers, to oversee high-impact AI-based developments.
Maintain an active dialogue with stakeholders, including customers, users, communities, and regulators, to foster trust and shared responsibility.
Communication and Reviews
It is approved by senior management and communicated to all levels of the organization.
It is available to customers and stakeholders who request it.
It will be reviewed at least once a year, or whenever there are significant changes in regulations, the organizational context, or the technologies used.