What is Auditing?

Auditing is the process in which a third-party entity, known as an auditor, ensures that a company is compliant with regulations. In the field of Large Language Models (LLMs) and Artificial Intelligence (AI), the relevant regulations often include GDPR, CPRA, HIPAA, and GLBA. Currently, there are no formal certification bodies for these regulations. Therefore, it falls upon the company to take responsibility for ensuring compliance.

In cases where a regulatory audit occurs, the company must provide evidence demonstrating compliance with the law.

How does Pontus help with Auditing?

The initial step in achieving auditability is to guarantee that your system is compliant with the applicable laws. This typically involves implementing techniques such as anonymization, differential privacy, and other measures to align your system with legal requirements. Using Pontus, you can easily implement these techniques with a few lines of code.

However, compliance alone is not enough; you must be able to prove it. This is where the ability to produce evidence comes into play. Every interaction with an LLM should be comprehensively logged. This logging should encompass the following key pieces of information:

  1. The identity of the user who initiated the request.
  2. The timestamp indicating when the request was made.
  3. Details of the anonymized request that was transmitted.
  4. The response provided.
  5. The specific model that was utilized.

Please note that this list is not exhaustive, and you should collaborate closely with your legal team to determine the comprehensive set of information that needs to be logged. Pontus automatically logs all of this critical information as you use the system.

Furthermore, we offer the capability to generate compliance documents on demand, specifically tailored to meet the requirements of GDPR, CPRA, HIPAA, and GLBA.
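As an added illustration (not Pontus code and not its API), the example below writes the five fields listed above as JSON-lines audit records and checks a log for records that would not serve as evidence. The field names, the sample records, and the rule that each field is a non-empty string with a timezone-aware ISO 8601 timestamp are assumptions.

```python
import json
from datetime import datetime, timezone

# The five items from the list above; these key names are assumptions.
REQUIRED = ("user_id", "timestamp", "anonymized_request", "response", "model")

def make_record(user_id, anonymized_request, response, model, now=None):
    """Serialize one LLM interaction as a JSON line with a UTC timestamp."""
    ts = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return json.dumps({"user_id": user_id, "timestamp": ts.isoformat(),
                       "anonymized_request": anonymized_request,
                       "response": response, "model": model}, sort_keys=True)

def check_log(lines):
    """Return (line_number, problem) for each record that is incomplete."""
    problems = []
    for n, line in enumerate(lines, start=1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            problems.append((n, "not valid JSON"))
            continue
        if not isinstance(rec, dict):
            problems.append((n, "not a JSON object"))
            continue
        # A field counts as present only if it is a non-empty string.
        missing = [k for k in REQUIRED
                   if not isinstance(rec.get(k), str) or not rec[k].strip()]
        if missing:
            problems.append((n, "missing or empty: " + ", ".join(missing)))
            continue
        try:
            ts = datetime.fromisoformat(rec["timestamp"])
        except ValueError:
            problems.append((n, "timestamp is not ISO 8601"))
            continue
        if ts.tzinfo is None:  # ambiguous without an offset
            problems.append((n, "timestamp has no timezone"))
    return problems

# Constructed sample log: one good record, then three defective ones.
SAMPLE = [
    make_record("u-1001", "Summarize the note for [PERSON_1]", "Summary text",
                "example-model-v1", datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)),
    '{"user_id": "u-1002", "timestamp": "2024-01-01T10:05:00", '
    '"anonymized_request": "Hi", "response": "Hello", "model": "example-model-v1"}',
    '{"user_id": "", "timestamp": "2024-01-01T10:06:00+00:00", '
    '"anonymized_request": "Hi", "response": "Hello"}',
    'truncated {',
]

if __name__ == "__main__":
    for line_no, problem in check_log(SAMPLE):
        print(f"line {line_no}: {problem}")
```

Running a check like this on a schedule surfaces gaps in the evidence trail before an auditor asks for it.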