myctrl.tools
Compare

A002Establish output data policy

>Control Description

Establish AI output ownership, usage, opt-out and deletion policies to customers and communicate these policies

Application

Mandatory

Frequency

Every 12 months

Capabilities

Universal

>Controls & Evidence (1)

Legal Policies

A002.1
Documentation: Output usage and ownership policy

Core - This should include:

- Establishing output ownership and usage rights policies. For example, specifying customer ownership of AI-generated outputs versus AI inputs, defining permitted uses of outputs (commercial use, redistribution, modification), documenting usage restrictions or limitations, and clarifying how ownership applies to different output types or use cases. - Disclosing opt-out and deletion procedures for AI outputs. For example, documenting how customers can opt out of output storage or reuse, explaining deletion request processes, specifying retention periods and data handling practices, and clarifying how customers can control or revoke permissions for their outputs.

Typical evidence: Typically demonstrated by Terms of Service, Data Processing Agreement, Master Service Agreement, Privacy Policy, or AI Addendum. May be a combination of these policies.
Location: Terms of Service

>Cross-Framework Mappings

NIST AI RMF

GOVERN-6.1
MAP-2.1
MANAGE-3.1

Ask AI

Configure your API key to use AI features.