AI Tools — Study Guide
Review these materials before taking the exam. All links open in the Krumware Confluence IO space.
Key Concepts
- Core principle: If the AI tool retains, trains on, or centralizes your input, do not put company or client data into it.
- Public data (Level 1) in approved tools is fine.
- Level 2+ data requires an approved tool with contractual data retention guarantees.
- Tool categories: Known-OK (approved list), Known-Prohibited (trains on inputs with no opt-out), Ask-First (everything else).
- Abstract the problem: Describe patterns generically instead of pasting client code.
- AI features in existing SaaS are in the Ask-First category — separate evaluation needed.
- Client requests to use AI require management approval and documentation in the engagement agreement.
- Approval process: Identify tool → review ToS → submit request to supervisor → wait for approval.
Policy References
| Document | Relevance |
|---|---|
| TRN-004 AI Tools Usage Guide | Full training guide — decision tree, scenarios, tool categories, approval process |
| POL-007 Acceptable Use & Communications Policy | Governing policy — approved tools, prohibited activities, AI tool usage rules |
| POL-002 Data Protection Policy | Data classification tiers — determines what data can go into which tools |
| TRN-002 Data Classification Guide | How to classify data before deciding if it can go into an AI tool |
| POL-012 Secure Development Policy | Code completion tools, secure coding with AI assistance |
Related Procedures
| Document | Relevance |
|---|---|
| PRC-004 Software Request Procedure | How to request approval for a new AI tool |