Skip to content

AI Systems Usage

AI tools like Sherlock, Claude, and Copilot are approved for everyday Holmes work, including client work, on our managed platforms. Free public AI (the free tiers of ChatGPT, Gemini, Claude.ai) is for genuinely public information only. Two things every user must hold onto. First, the approved tools are contracted so your prompts aren't used to train anyone's model, which is the whole point of using them instead of the free ones. Second, AI gets things confidently wrong, so anything it helps produce for a client must be checked by a qualified person before we rely on it. If you're building an AI tool or an agent that acts on our systems, this policy has more for you, so talk to IT early.

Terms are defined in the Framework.

1. How this policy is organised

Section 3 is for everyone who uses AI: short and plain. Section 4 is for owners deploying or building AI systems. Section 5 covers agentic AI, where AI acts on Holmes systems. Read the part that's yours.

2. Guiding principle

Holmes assesses AI the same way it assesses any digital service, by what happens to the data, not by whether the label says "AI" (04). AI adds two concerns beyond ordinary cloud services, and these drive the extra controls here: models can retain or learn from inputs, and models generate plausible but sometimes wrong output.

3. For everyone who uses AI

Ref Requirement
AI.1 You MUST use only Holmes-approved AI tools for any Holmes information (CONFIDENTIAL or above). The current approved list is in the register (section 6).
AI.2 You MAY use free or public AI tools only with PUBLIC information: general research, learning, public-domain material. You MUST NOT put client work, internal documents, or anything not already public into free or public AI, on any device, including your own.
AI.3 You MUST NOT enter personal information, or RESTRICTED information, into any AI tool unless that tool is approved for it (section 4).
AI.4 You MUST have a qualified person review AI-assisted analysis, calculations, drawings, or client-facing content before Holmes relies on or issues it. AI output is a draft, not an authority.
AI.5 You MUST report suspected exposure of Holmes information through an AI tool immediately (12). It's the same front door as any other incident.

AI.4 matters because an LLM turns your prompt into numbers and predicts likely next words. It doesn't know whether an answer is right. For a practice carrying professional liability, unreviewed AI output is a liability, not a deliverable.

Personal use and free AI on Holmes devices. Free public AI is allowed for public information (AI.2). Holmes can't fully prevent confidential information being pasted into a free tool, so the control is your judgement, backed by data-loss monitoring (02 IC.10). The approved tools are provisioned to be good enough that reaching for a free tool is rarely worth it, so use them. Putting confidential Holmes or client information into a free or public AI is a breach whether or not anything technical stops you.

4. For owners deploying or building AI systems

Ref Requirement
AI.6 An AI system's approval record MUST state which classification levels it may process (02, 04 CLD.1).
AI.7 AI systems handling CONFIDENTIAL or RESTRICTED information MUST be approved before use, on the risk assessment below.
AI.8 The risk assessment MUST cover, in addition to the standard cloud criteria (04 CLD.3): training-data exclusion (confirmation that inputs aren't used to train, fine-tune, or improve the provider's models); retention and deletion; encryption in transit and at rest; data ownership, transmission, and storage regions; provider certification; whether the system merely processes data transiently or stores it (higher scrutiny for storage); sub-processor disclosure; and output rights (who owns and may use generated output, which matters for engineering deliverables).
AI.9 Access to Holmes AI systems MUST follow least privilege, with MFA and audit logging (03, 11).
AI.10 AI-system access MUST be recorded and authorised, and access to systems holding CONFIDENTIAL or RESTRICTED data MUST be reviewed at least annually.

5. Agentic AI

Ref Requirement
AI.11 AI that takes automated actions on Holmes systems or data (agents, AI-driven workflows, AI with tool or API access) MUST have its authorisation scope, action boundaries, and human-in-the-loop requirements assessed and approved before deployment, as part of AI.7 and AI.8.
AI.12 Agent actions MUST be audit-logged (11).
AI.13 Agent credentials and identities MUST follow the non-human-identity rules in 03 (IAM.24 to IAM.28): scoped, owned, short-lived where possible, secrets in the approved store.
AI.14 Agents that read from or write to code, pipelines, or infrastructure MUST also comply with 09 Secure Development.

6. The approved-tools register

Ref Requirement
AI.15 A register of approved AI tools MUST be maintained, recording for each tool the classification levels approved, the date of its AI.8 assessment, its owner, and its next review date.
AI.16 A tool MUST NOT be presented to staff as approved until its AI.8 assessment is recorded in the register.

Currently approved for Holmes (CONFIDENTIAL) work, subject to the controls above: Sherlock (Holmes' internal AI service, with its definition and hosting to be stated in the register), Claude (Team subscription), Microsoft 365 Copilot, and Azure OpenAI Service. Free public tiers of ChatGPT, Gemini, and Claude.ai are for public information only. The register, with assessment dates, is what tells a user that a tool's assessment (AI.8) has actually been done.

7. Governance

Ref Requirement
AI.17 This policy MUST be formally approved and its approval recorded before it's enforced.

Training-data exclusion (AI.8) is the contractual control that lets Holmes assure clients their data won't leak into a model. It's mirrored in the Client Assurance Statement (04 CLD.20).

Personal information in AI systems engages the full privacy regime (NZ Privacy Act 2020, GDPR, AU APPs), including automated-decision and transparency rules under GDPR. Route any AI system that makes or materially informs decisions about individuals through Legal.

AI.4 is where professional-liability exposure concentrates. For an AEC practice it's arguably the most important clause here and should be read alongside professional-body obligations such as CPEng and Engineering NZ, and the AU and US equivalents.

Counsel and professional-practice review is needed on AI.4 (reliance and disclosure) and on the output-rights position (AI.8).

00 Framework, 01 Acceptable Use, 02 Information Classification, 03 Identity & Access, 04 Cloud & Third-Party, 09 Secure Development, 12 Incident Response.