AgentSkillsCN

ai-policy-drafter

在制定AI治理政策时使用。适用于AI项目的启动与落地阶段。该技能可生成可接受使用政策、指南,以及防护措施文档。

SKILL.md
--- frontmatter
name: ai-policy-drafter
description: Use when creating AI governance policies. Use when establishing AI program. Produces acceptable use policies, guidelines, and guardrails documentation.

AI Policy Drafter

Overview

Create comprehensive AI governance policies that enable innovation while managing risk. Draft acceptable use policies, development guidelines, and operational guardrails.

Core principle: Policies should enable responsible AI adoption, not block it. Clear guidelines reduce risk and accelerate good decisions.

When to Use

  • Launching AI program
  • Responding to regulatory requirements
  • After AI incidents
  • Annual policy review
  • New AI capability deployment

Output Format

yaml
ai_policy:
  title: "[Policy title]"
  version: "[X.Y]"
  effective_date: "[YYYY-MM-DD]"
  owner: "[Policy owner]"
  
  metadata:
    scope: "[Who/what this applies to]"
    related_policies: ["[Related policy]"]
    review_schedule: "[Frequency]"
    next_review: "[Date]"
  
  sections:
    - section: "[Section title]"
      content: "[Policy content]"
      requirements:
        - requirement: "[Requirement statement]"
          mandatory: [true | false]
          applies_to: "[Who must follow]"
      
      exceptions:
        process: "[How to request exception]"
        authority: "[Who can approve]"
  
  definitions:
    - term: "[Term]"
      definition: "[Definition]"
  
  compliance:
    enforcement: "[How enforced]"
    violations: "[Consequences]"
    reporting: "[How to report issues]"
  
  approvals:
    - approver: "[Name/Role]"
      date: "[Date]"

Policy Types

Acceptable Use Policy

yaml
au_policy_sections:
  purpose:
    - "Define appropriate use of AI tools"
    - "Protect organization and individuals"
    - "Enable responsible innovation"
  
  scope:
    - "All employees using AI tools"
    - "All AI-generated content"
    - "Both approved and shadow AI"
  
  permitted_uses:
    - "Internal productivity (drafting, research)"
    - "Customer-facing with human review"
    - "Development and testing"
  
  prohibited_uses:
    - "Processing restricted data without approval"
    - "Automated decisions affecting individuals"
    - "Generating harmful or misleading content"
    - "Circumventing security controls"
  
  requirements:
    - "Human review of customer-facing output"
    - "No confidential data in public AI tools"
    - "Disclose AI-generated content when required"
    - "Report security incidents immediately"

Development Standards

yaml
dev_standards_sections:
  model_development:
    - "Document training data sources"
    - "Test for bias before deployment"
    - "Version control all artifacts"
    - "Peer review all production models"
  
  llm_applications:
    - "Implement prompt injection protections"
    - "Log all generations for audit"
    - "Set appropriate content filters"
    - "Test adversarial scenarios"
  
  deployment:
    - "Security review required"
    - "Performance baseline documented"
    - "Rollback capability tested"
    - "Monitoring configured"

Ethical AI Principles

yaml
principles:
  transparency:
    - "Disclose when AI is used in decisions"
    - "Provide explanations when requested"
    - "Document model limitations"
  
  fairness:
    - "Test for disparate impact"
    - "Monitor for bias in production"
    - "Enable human appeal of decisions"
  
  accountability:
    - "Assign human owner for each AI system"
    - "Maintain audit trail"
    - "Report incidents promptly"
  
  safety:
    - "Assess potential harms before deployment"
    - "Implement appropriate safeguards"
    - "Monitor for unexpected behavior"

Key Policy Elements

Data Handling for AI

yaml
data_policy:
  classification:
    - level: "Restricted"
      ai_use: "Prohibited without specific approval"
      examples: ["PII", "Financial data", "Trade secrets"]
    
    - level: "Confidential"
      ai_use: "Approved internal tools only"
      examples: ["Internal docs", "Customer communications"]
    
    - level: "Public"
      ai_use: "Generally permitted"
      examples: ["Published content", "Public data"]
  
  external_ai_tools:
    prohibited: ["Restricted data"]
    requires_approval: ["Confidential data"]
    permitted: ["Public data", "Synthetic data"]

Human Oversight Requirements

yaml
human_oversight:
  high_risk_decisions:
    definition: "Decisions affecting rights, safety, or significant outcomes"
    requirement: "Human makes final decision"
    examples: ["Hiring", "Credit", "Medical", "Safety-critical"]
  
  medium_risk:
    definition: "Significant business impact"
    requirement: "Human review before action"
    examples: ["Customer communications", "Financial reports"]
  
  low_risk:
    definition: "Limited impact, reversible"
    requirement: "Spot-check and monitoring"
    examples: ["Internal drafts", "Research assistance"]

Third-Party AI

yaml
third_party_policy:
  approval_required:
    - "New AI vendor or tool"
    - "Significant change in use"
    - "Processing of sensitive data"
  
  assessment_checklist:
    - "Security questionnaire completed"
    - "Data processing agreement in place"
    - "Privacy impact assessed"
    - "Business continuity considered"
  
  ongoing_requirements:
    - "Annual vendor review"
    - "Monitor for incidents"
    - "Track usage and cost"

Policy Development Process

Stakeholder Input

yaml
stakeholders:
  must_consult:
    - "Legal/Compliance"
    - "Security/Privacy"
    - "HR (if employee-facing)"
    - "Business unit leaders"
  
  should_consult:
    - "AI practitioners"
    - "End users"
    - "Risk management"

Review and Approval

yaml
approval_workflow:
  draft: "Policy owner creates draft"
  legal_review: "Legal validates compliance"
  stakeholder_review: "Key stakeholders comment"
  revision: "Incorporate feedback"
  executive_approval: "Sponsor approves"
  communication: "Announce and train"
  effective: "Policy in force"

Communication Templates

Policy Announcement

markdown
**New AI Policy: [Policy Name]**

**What:** [Brief description]

**Why:** [Rationale]

**Key Requirements:**
- [Requirement 1]
- [Requirement 2]

**Effective:** [Date]

**Questions:** [Contact]

**Full Policy:** [Link]

Quick Reference Card

markdown
## AI Use Quick Reference

**DO:**
✓ Use approved tools for productivity
✓ Review AI outputs before sharing
✓ Report security concerns

**DON'T:**
✗ Put confidential data in public AI
✗ Automate decisions about people
✗ Present AI content as your analysis

**Questions?** [Contact]

Checklist

  • Policy purpose clear
  • Scope defined
  • Requirements specific and actionable
  • Exceptions process documented
  • Legal review completed
  • Stakeholders consulted
  • Approval obtained
  • Communication plan ready
  • Training identified
  • Review schedule set