Page 1 of 1
Norma Smart Audit
Section 1: Core Business & AI Architecture
1. How does your company primarily use AI?
*
1. How does your company primarily use AI?
A
We strictly use third-party tools (like ChatGPT, Claude, Midjourney, or APIs).
B
We build, train, or code our own custom AI software from scratch.
2. What tools does your team use to hire candidates or manage employees?
*
2. What tools does your team use to hire candidates or manage employees?
A
We use recruitment software or resume scanners that automatically rank, filter, or grade job applicants.
B
Our hiring is entirely manual (we just review PDFs and use basic emails or spreadsheets).
C
We use software, but I am not sure if it uses automated AI features to rank people.
3. Does your AI tool do any of these specific tasks?
*
3. Does your AI tool do any of these specific tasks?
A
High-Stake Decisions: It grades student exams, decides school admissions, calculates credit scores for loans, or sets insurance prices.
B
Public Infrastructure: It controls utility systems (like water or electricity) or uses facial recognition software.
C
Standard Tasks: None of the above. It is used for standard office work like writing copy, summarizing documents, or running a basic customer-service chatbot.
Section 2: Customer & Data Privacy
4. Does your company use AI tools that interact directly with the public or generate content they will see?
*
4. Does your company use AI tools that interact directly with the public or generate content they will see?
A
Yes. We use things like website chatbots, voice assistants, or tools that make public images, text, or videos.
B
No, our AI use is purely internal (like data analysis or organizing spreadsheets).
5. What kind of information do your employees put into AI tools?
*
5. What kind of information do your employees put into AI tools?
A
General business info (brainstorming, public website text, generic notes).
B
Private or sensitive info (customer names, emails, financial records, or confidential client files).
6. Do you use your customers' private data to train AI tools and make them smarter over time?
*
6. Do you use your customers' private data to train AI tools and make them smarter over time?
A
Yes, we feed real customer data into the AI to train it.
B
No, we just use the tools exactly as they come.
7. When you deliver final work to your clients (like text, code, or marketing designs), do you tell them if AI was used to make it?
*
7. When you deliver final work to your clients (like text, code, or marketing designs), do you tell them if AI was used to make it?
A
Yes, we always officially disclose AI use to our clients.
B
No, we do not explicitly tell them.
Section 3: Internal Team Rules
8. Does your company have an official, written internal policy regarding AI usage?
*
8. Does your company have an official, written internal policy regarding AI usage?
A
Yes. We have a written policy, and all of our employees have read and signed it.
B
Partially. We have a policy written down, but we have not shared it with everyone, collected signatures, or checked if employees actually read it.
C
No. We do not have any written rules; employees just use whatever AI tools they want.
9. Does a human always review and approve AI-generated work before it is sent to clients or published live?
*
9. Does a human always review and approve AI-generated work before it is sent to clients or published live?
A
Yes. A person always double-checks everything before it leaves the company.
B
No. Some AI work is sent directly to clients or published without a human checking it first.
10. Has your team received basic training on AI risks, copyright rules, or how to spot AI hallucinations (when AI invents fake facts)?
*
10. Has your team received basic training on AI risks, copyright rules, or how to spot AI hallucinations (when AI invents fake facts)?
A
Yes, we have trained our team on these risks.
B
No, we haven't done any formal training yet.
Submit