How to create a practical staff AI-use policy, including privacy and Voluntary AI Safety Standard considerations.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
An internal AI use policy keeps staff productive with AI while protecting the business. For Australian organisations it should reflect the Privacy Act and the Voluntary AI Safety Standard.
| Item | Detail |
|---|---|
| Approved tools | Which AI tools are allowed for what |
| Data rules | What data may/may not go into AI tools |
| Privacy | Privacy Act / APP handling of personal data |
| Accountability | Human review of important AI outputs |
What a policy should cover
Which AI tools are approved and for what; what data may and may not be entered (no client-confidential or personal data into ungoverned tools); privacy obligations under the Privacy Act and the Australian Privacy Principles; and the expectation that important AI outputs are reviewed by a person.
Make it practical
A policy people actually follow is short, specific and paired with approved tools that make the right thing easy. A blanket ban just drives shadow use.
Tie it to your setup
Align the policy to the Voluntary AI Safety Standard’s guardrails, and if you provide a governed, privacy-respecting AI platform, the policy becomes ‘use this for these tasks’. osFoundry’s managed cloud pins data to the US, EU or Japan — it does not currently offer an Australian managed region. For data that must stay in Australia, the honest path is self-hosting osFoundry (BYO Cloud) inside an Australian cloud region such as AWS (Sydney or Melbourne), Microsoft Azure (Australia East, Australia Southeast or Australia Central in Canberra) or Google Cloud (Sydney or Melbourne), or running models locally on-device.
Where dgm fits
dgm is an independent integration partner that helps Australian businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.