Security Training

OVERVIEW

Agenda

  • 01

    Platform Walkthrough

    AI model view and security classifications

  • 02

    Security Configuration

    Define hierarchical security classes and assign AI models to each class

  • 03

    Working with Sensitive Information

    Plan for handling different data types and internal communication about security

  • 04

    Risk and Impact Assessments

    Discussion of organizational requirements

  • 05

    Data Processing Agreements

    Review and finalize DPAs as needed

OBJECTIVES

What We'll Achieve Today

πŸ›‘οΈ

Psychological & Operational Safety

Build a foundation of trust through clear security classifications that give everyone confidence in where and how AI can be used

πŸš€

Remove the Fear-Blocker

Provide safe ground to start innovating by showing exactly what data can be used where, enabling your teams to say "yes" to AI

🎯

Enable Smart Decision-Making

Create different "rooms" for different use cases - work safely with public data in one space, sensitive data in another

βœ…

Compliance Made Simple

Configure the framework once as admins, so your users don't have to think about compliance - it's built into the platform

Platform Overview
PLATFORM WALKTHROUGH

Security Classifications

🏠 Think of Spaces as Different Rooms

Different processes have different requirements for functionality, integrations and security. In Intric, you can create different spaces that function as different rooms. Security classes create different rules for these rooms.

  • 🟒
    Open Room - Public data, full functionality and AI models available
  • πŸ‡ͺπŸ‡Ί
    EU Room - Data stays within EU, specific model selection
  • πŸ‡ΈπŸ‡ͺ
    Sweden Room - Data stays in Sweden, most restricted model selection

πŸ“Š Hierarchical Structure

Highest class at the top: Sweden β†’ EU β†’ Open. Models permitted in a higher class are automatically available in lower classes, but not vice versa.

πŸ’‘ Recommended Starting Point

  • 🎯
    Start with Open Information - Create one security class for public/open data to get started quickly
  • πŸ”
    Find Low-Hanging Fruit - Let teams discover valuable use cases without high barriers
  • πŸ“‹
    Build Strategy in Parallel - While users test, admins develop plans for sensitive data handling
  • πŸ”’
    Expand Gradually - Add more security classes as your strategy and routines mature

πŸ› οΈ You Configure Once, Users Work Safely

As admins, we set the rules. Your users simply work in the right room for their task - compliance is automatic.

Security Classifications
PLANNING

Working with Sensitive Information

πŸ” What Data Will You Process?

Think short-term and long-term:

  • 🟒
    Non-sensitive Information - Public documents, published reports, general information
  • πŸ“‹
    Personal Data - Names, email addresses, contact details
  • πŸ”
    Specially Protected Personal Data - Personal identity numbers (personnummer), coordination numbers
  • βš•οΈ
    Sensitive Personal Data - Health information, social services cases

🎯 Create Clear Labels

If you only allow "Open information", make sure your security class label clearly informs users about this restriction (e.g., "Open Data Only").

πŸ’¬ Internal Communication Strategy

  • πŸ“’
    Clear Guidelines - Communicate which rooms (spaces) are for which data types
  • πŸŽ“
    User Training - Help employees understand when to use which space
  • ❓
    Support Channels - Establish where users can ask questions or request exceptions
  • πŸ“Š
    Regular Updates - Keep communication fresh as your AI strategy evolves

βš–οΈ Enabling "Yes"

The goal isn't to block AI use - it's to provide clear, safe paths forward. Give IT and Legal the tools to say "yes" to specific use cases.

COMPLIANCE

Risk Assessment & Data Processing

πŸ“„ Data Processing Agreements (DPA)

  • πŸ“
    Purpose & Scope - What data is processed and why (based on your planned use)
  • πŸ”’
    Security Measures - Technical and organizational safeguards Intric has in place
  • 🌍
    Data Location - Where data is processed (aligned with your security classes)
  • πŸ‘₯
    Sub-processors - AI model providers (documented in our resources)
  • ⏱️
    Retention & Deletion - Data lifecycle management

🀝 DPA Support

Intric provides comprehensive DPA guidance and supporting documentation to make legal review straightforward.

πŸ“‹ Impact Assessment Discussion

  • πŸ”
    Personal Data Scope - What personal data will be processed? How sensitive is it?
  • βš–οΈ
    DPIA Requirement - Does your organization need a Data Protection Impact Assessment?
  • πŸ“Š
    Organizational Requirements - What are your specific risk tolerance levels and compliance needs?
  • πŸ”
    Security Standards - Industry regulations, internal policies, legal mandates

🎯 Risk Mitigation Built-In

Security classifications are your primary risk control - they ensure data is only processed by appropriate AI models in appropriate contexts.

ACTION ITEMS

Next Steps After Today

Your responsibility

πŸ”
Identify Personal Data Processing
Think about if and which personal data you will process in Intric
πŸ“„
Start Drafting DPA
Begin drafting Data Processing Agreement based on Intric's supporting documents
πŸ‘₯
Plan AI Ambassadors & Communication
Think about internal communication strategy and who will be AI ambassadors

's responsibility

πŸ“§
Send Supporting Documents
Provide DPA and DPIA support documentation
🀝
Offer Support & Guidance
Available to answer questions and provide guidance throughout the process

Next meeting to book

πŸ“…
Admin Training
Deep-dive training on platform administration, user management, and security configuration