<img src="https://www.companydetailscompany.com/797693.png" style="display:none;">
LoginSupport
Login
Book a Demo

WorkBuzz commitment to
secure and private AI

Understanding and listening to your employees is critical in creating a workforce that is engaged, motivated, achieves the organization's goals and remains loyal and connected to each other and the organization itself.

WorkBuzz transforms data into actionable insights to help you achieve your goals and create an engaged workforce, whilst our commitment to security and data privacy ensures your information and data is protected at all times. It is at the heart of everything we do. As Artificial Intelligence (AI) becomes ever more embedded in our working lives, we want to set out our commitment to ensuring that our use of AI is ethical, responsible, secure and complies with existing data protection legislation and practice.

This document outlines the security measures and guidelines to protect the integrity, confidentiality, and availability of AI systems and data within Workbuzz. Our commitment to security also applies to all AI systems, algorithms, models, and related data utilized by WorkBuzz, whether developed in-house or provided by third parties. Our AI strategy combines a problem definition with timelines and planning based on a data strategy, algorithms strategy and infrastructure strategy. Data strategy fuels the AI algorithms and infrastructure provides the framework to run the AI system effectively.

Our approach to AI prioritizes ethics, privacy and the safeguarding of the data we store and process


  • WorkBuzz proprietary AI models:
    We develop proprietary AI models that are purpose-built with anonymized and aggregated data, hosted within WorkBuzz data centres. We use Amazon Web Serves (AWS) to host all our data. Client data never leaves the boundaries of our AWS instance when using our AI tools.

  • Third-party integrations:
    For some AI features, we partner with third-party sub-processors (Amazon Web Services, Microsoft Azure, Google Cloud Platform) via commercial enterprize agreements and product configurations we ensure that:

    1. Client data is kept separate and never added to any other Large Language Model (LLM) training data.
    2. Client data is used only for processing the request and not retained for any other purposes. This approach ensures we leverage advanced LLMs while maintaining our stringent data security standards.

We partnered with Anthropic for the use of their Claude Foundation Model. This model is considered the most responsible LLM on the market, with inbuilt controls for security, privacy, responsibility baked into its foundations. It also has anti-jailbreaking built in and centres around the ethical use of AI.

WorkBuzz governance and principles


We are GDPR compliant, ISO27001 certified and Cyber Essentials certified. At WorkBuzz, we have put in place a set of principles which govern the way we develop our AI capabilities ensuring that we protect the client data we store and process:

  • We only use anonymized and aggregated data for AI training purposes and this data is segregated from the live data environment.
  • Our AI tools only operate on the data that is collected as part of performing our employee listening services for clients. The outputs of these services are available in the platform dashboards.
  • Our AI must always comply to all legal and required data compliance specifications.
  • As AI use and complexity grows, we commit to building on our own principles for responsible AI.

 

Furthermore, we have in place several internal measures that we adhere to:

  • WorkBuzz responsibilities:
    • WorkBuzz Data Owners: Identify and classify AI data, ensuring proper handling and protection.
    • WorkBuzz AI Developers: Implement security controls in the AI development lifecycle.
    • WorkBuzz System Administrators: Maintain the security configuration of AI systems.
    • WorkBuzz Information Security Team: Create AI Security Policies and Processes, monitor activity and respond to AI-related security incidents.

  • Data Governance
    • We classify AI data based on sensitivity and implement appropriate access controls.
    • We regularly audit and review AI data access privileges.

  • AI Development Lifecycle Security
    • We conduct security assessments during the design and development of AI systems.
    • We implement secure coding practices and adhere to established security standards.

  • WorkBuzz AI Model Training and Validation
    • We ensure data used for training AI models is ethical, representative, unbiased, anonymized and aggregated.
    • We validate the outputs of our models for robustness, fairness, and security vulnerabilities.
    • To train LLMs for contextual awareness, we use few-shot samples. The we use for training is ethical, representative, unbiased and aggregated. WorkBuzz is not responsible for any problems like Bias inherent with LLMs.

  • Access Controls
    • We have implemented role-based access controls to restrict access to AI systems and data.
    • Regularly review and update access permissions based on job roles.

  • Training and Awareness
    • We provide regular security training for personnel involved in AI development and operation.
    • We foster a culture of security awareness among all employees.

Building and training WorkBuzz AI


WorkBuzz anonymizes and aggregates client data before it is used in any AI training. Our Data Protection Officer and the ISMS Manager ensures that WorkBuzz are compliant with all legal and information security requirements, and they have sight of all data access requests for AI training and development. Data that identifies an individual or client (also known as Personally Identifiable Information - PII) is removed during anonymization ensuring that the dataset cannot be traced back to its original source. This ensures that the data can be used for training, confident that security compliance has been maintained.

Our anonymization and aggregation process is conducted in house within the WorkBuzz instance, and we do not outsource this process to any third parties.

Client access to WorkBuzz AI tools and features


WorkBuzz AI operates only on the data that the client has given permission to access and view within their dashboard. Access controls are set by client admins in conjunction with WorkBuzz Customer Service Managers (CSM’s). This ensures that any insights generated by WorkBuzz AI can only be accessed and viewed by authorized users within the client organization.

Ensuring security and privacy requirements


Safeguarding customer data is the number one priority for WorkBuzz and we implement strict data handling protocols, ensuring minimal data processing by sub-processors and so that we maintain total control over data access and retention. When integrating with third-party vendors, such as Amazon Web Services, Microsoft Azure, OpenAI, etc., we enforce stringent data protection agreements, ensuring data is used solely for the intended analysis. At no point does any sub-processor use any data for its own model training.

Our data management practices are transparent and compliant with privacy laws and regulations. We store data in regional data centres within the EEA and process data in line with the purpose. Data access is controlled, and we have a number of policies and procedures in place to ensure this takes place.

Data ownership and location


Clients own and control the data supplied to WorkBuzz for the purposes of employee listening research and are the Data Controller, whilst WorkBuzz is the Data Processor. All customer data is stored in a multi-tenant data centre within the EEA. While client data is hosted within the EEA, data may be transferred and processed outside the EEA to comply with client requests or instructions (e.g., support purposes, use of sub-processor services) or as necessary to provide the cloud service.

WorkBuzz clients determine the following about their data:

  • What is the purpose for collecting the data?
  • What type of data is collected from employees?
  • How and where to collect data?
  • Who has access to the data?
  • When to delete the data?

The ethical use of AI at WorkBuzz


WorkBuzz incorporate responsible machine learning techniques to ensure data is used ethically and responsibly, focusing on fairness and avoiding biases, especially so for some of the sensitive personal information we collect on behalf of clients. As we develop WorkBuzz AI, we conduct qualitative and quantitative evaluations of AI model outputs to ensure their accuracy and relevance.

WorkBuzz is dedicated to providing secure, ethical, and effective AI solutions. Our comprehensive information security management system, combined with colleagues who are dedicated to ensuring the highest standards for data security and privacy, ensures that at WorkBuzz, client data is always treated with the utmost respect and security.