AI Firewall - Questionnaire

This questionnaire gathers the information needed to build effective, customized firewall policies for BusinessGPT's AI firewall solution.

It is organized into 2 sections covering the key areas of AI usage and data protection.

 


Questionnaire for BusinessGPT AI Firewall Policy Creation


Section 1: Policies to Control AI Usage

This section focuses on understanding how your organization intends to use AI tools, so we can set boundaries on usage based on user roles, objectives, and specific tasks.

1. Objectives and Use Cases for AI

  1. What are the primary goals of using generative AI tools in your organization?

    • Knowledge generation

    • Process automation

    • Customer support

    • Internal decision-making

    • Other (please specify)

  2. Which business areas will AI primarily support?

    • Marketing

    • Sales

    • Product development

    • Operations

    • HR

    • Other (please specify)

  3. What concerns do you have regarding AI use in your organization?

    • Data privacy and confidentiality

    • Regulatory compliance

    • Data accuracy and reliability

    • Internal policy enforcement

    • Other (please specify)


2. User Roles and Access Control

  1. What roles or departments will have access to AI tools?

    • Executives/Management

    • Data analysts

    • Marketing

    • Sales

    • Customer support

    • IT/Engineering

    • Other (please specify)

  2. Would you like to implement specific AI usage policies based on user roles or departments?

    • Yes (please describe any specific requirements per role or department)

    • No

  3. Are there particular tasks you want to restrict for certain roles or groups?

    • Yes (please specify tasks to restrict per role/group)

    • No


3. Risk Management and Usage Restrictions

  1. Which actions or tasks should be limited or monitored for AI use?

    • Generating or summarizing sensitive data

    • Extracting or querying personal data

    • Using AI for specific tasks only (e.g., customer support vs. internal operations)

    • Limiting generative AI use based on time or project phase

    • Other (please specify)

  2. Do you have existing internal policies around AI usage that need to be enforced?

    • Yes (please describe or attach policy documentation)

    • No

  3. What compliance requirements or standards should the AI firewall enforce (e.g., SOC 2, ISO 27001, NIST)?


4. Reporting and Analytics for AI Usage

  1. Would you like detailed reports on AI usage by user, department, or project?

    • Yes (please specify report frequency and detail level)

    • No

  2. What usage metrics are most valuable for you to monitor?

    • User activity logs

    • Data type or sensitivity level accessed

    • Task or purpose categorization (e.g., summarization, content generation)

    • Other (please specify)

  3. Are there specific alerts you would like when AI misuse is detected (i.e., policy violations)?

    • Yes (please specify scenarios and thresholds)

    • No

  4. Which policy violations should be blocked and which should be flagged?


Section 2: Policies to Control Data Protection

This section aims to understand the types and sensitivity levels of data that the GenAI tool will access, ensuring we set appropriate data protection policies.

1. Data Sensitivity and Privacy Requirements

  1. What types of data will the AI tools access?

    • Personal data

    • Financial data

    • Intellectual property

    • Sensitive company data

    • Public data

    • Other (please specify)

  2. How would you classify the sensitivity of data used by AI tools?

    • Highly sensitive (restricted access)

    • Moderately sensitive (internal use only)

    • Low sensitivity (minimal restrictions)

  3. Are there specific privacy policies or compliance regulations (e.g., GDPR, CCPA, HIPAA) your users and the AI tools must follow?

    • Yes (please specify)

    • No

3. Monitoring and Reporting on Data Use

  1. Would you like reports on data handling, access, and sensitivity level by user, department, or project?

    • Yes (please specify report frequency and detail level)

    • No

  2. What specific data usage metrics would be beneficial to track?

    • Data accessed by sensitivity level

    • Instances of sensitive data access

    • Unauthorized data access attempts

    • Other (please specify)

  3. Do you require alerts for specific data access violations (e.g., restricted data access, policy breaches)?

    • Yes (please specify scenarios)

    • No


4. Security and Compliance Controls

  1. What current security controls do you have in place for data access and usage?

    • Firewalls

    • Access control lists

    • Data encryption

    • Data classification systems

    • Other (please specify)

  2. What AI misuse scenarios related to data would you like the firewall to detect or alert you about?

    • Unauthorized exposure of restricted data

    • Sensitive data extraction or sharing

    • Other (please specify)

  3. Are there any additional data protection needs or requirements for AI that we haven’t covered?

