ISC Policy 3.00: Generative Artificial Intelligence (AI)

All State Information Technology (IT) resources must be appropriately and adequately protected against unauthorized access, modification, destruction, or disclosure.

REFERENCE: Tennessee Code Annotated, Section 4-3-5501, et seq., effective May 10, 1994. Strategic Technology Solutions, Tennessee Information Resources Architecture.

OBJECTIVES:

1. Protect all (IT) resources in accordance with state and federal laws and regulations.

2. Ensure that State personnel have access to Generative AI technologies in a way that safeguards State data and limits the possibility of State data being actively used in consumption or training of public Generative AI solutions.

3. Provide enterprise capabilities in support of the safe and effective use of Generative AI systems.

4. Ensure agency technical direction for using Generative AI is in alignment with overall State technology direction.

SCOPE:

This policy applies to all branches, agencies, departments, boards, and commissions of State government.

IMPLEMENTATION:

Department of Finance & Administration, Strategic Technology Solutions (STS)

1. Align Generative AI Governance with existing Governance mechanisms for solutions development and delivery.

2. Enterprise services made available to support the use of Generative AI will be consistent with existing data protection controls currently in place.

3. Define the architecture for a Generative AI system to be used by the State.

4. Provide processes to support the State’s use of Generative AI systems.

5. Provide processes that provide for human interaction for the validation of all Generative AI entered inputs.

Agency Business Management and IT Resources

1. Implement technology direction for Generative AI and objectives in alignment with overall State objectives and comply with the Tennessee Information Resources Architecture.

2. Participate in the architectural review process and provide feedback on the Generative AI capabilities.

3. Participate in the development of processes that provide for human interaction for the validation of all Generative AI entered inputs.

4. Provide processes that provide for human interaction for the validation of all Generative AI created outputs.

02/28/2024 – Approved by the Information Systems Council