Learn more about AI: Spring 2025 Employee Programs

RCNJ STATEMENT

For the purposes of this statement, the term “employee” refers to all individuals who work for Ramapo College in exchange for financial or other compensation, and the term “employee” includes all part-time and full-time staff, faculty, adjuncts, managers, and student workers. As defined by IBM, “Artificial intelligence (AI) is technology that enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity, and autonomy.”

Purpose

To provide clear guidelines for employees regarding the responsible and ethical use of Artificial Intelligence (AI) technologies, including but not limited to generative AI (also known as GenAI) programs such as ChatGPT, within our organization. As AI continues to evolve and integrate into various aspects of work, it is essential to ensure that its use aligns with the College’s organizational values, promotes productivity, and safeguards the integrity of operations. This statement articulates and complies with the security control requirements stated in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and its supporting NIST Special Publication (SP) 800-171, and applicable laws, regulations, and best security practices.

Scope

This statement applies to all employees, contractors, and third-party vendors who utilize AI tools and technologies in the course of their work with Ramapo College of New Jersey. Additionally, the statement encompasses all systems and information owned, managed, or processed by RCNJ and its authorized employees for non-instructional, business, or support purposes. It also extends to any external or non-RCNJ systems that interconnect with or exchange data with RCNJ-managed systems.

This statement does NOT apply to, preempt, or supersede any academic policies that apply to faculty or students regarding the educational or instructional use of AI. Exceptions to this policy may be granted under the following circumstances:

• Activities governed by academic or research policies.
• Instances where compliance conflicts with principles of academic freedom.
• Emergency or temporary uses of AI systems.
• All exceptions must be approved by ITS Leadership and documented accordingly.

References & Controls

This statement is intended to address the requirements of NIST CSF and the security controls contained therein. Specifically, this statement addresses compliance with the following NIST CSF categories and subcategories relevant to the responsible use and governance of artificial intelligence systems:

• Identify (ID):
  • ID.AM-1: Maintain an inventory of all AI tools and systems used within the institution, documenting ownership, purpose, and associated data.
  • ID.RA-1: Conduct risk assessments to evaluate the potential impact of AI systems on privacy, fairness, and security.
  • ID.BE-4: Ensure alignment of AI system usage with institutional objectives and regulatory requirements.
• Protect (PR):
  • PR.AT-1: Conduct security and ethical awareness training for personnel managing AI systems.
• Respond (RS):
  • RS.RP-1: Develop and implement incident response plans specifically for AI systems, including handling ethical or student conduct violations.

Why These Controls Are Relevant

• Identify (ID): Helps educate on AI use cases and their potential risks, ensuring a clear understanding of system dependencies and compliance.
• Protect (PR): Ensures the safeguarding of sensitive data and establishes security baselines for AI tools.
• Respond (RS): Outlines how to mitigate and communicate risks associated with AI use, whether ethical or operational.

Requirements

Note that this statement supports all applicable information protection policies, including but not limited to:

• RCNJ Policy/Procedure 410: Data Protection (PII) (under development)

The following requirements must be followed when using AI on College systems or networks:

• Verify that any response from a GenAI tool that you intend to rely on or use is accurate, appropriate, not biased, not a violation of any other individual or entity’s intellectual property or privacy, and consistent with RCNJ policies and applicable laws.
• Do not use GenAI tools to make or help you make personnel decisions about applicants or employees, including recruitment, hiring, retention, promotions, transfers, performance monitoring, discipline, demotion, or terminations.
• Do not upload or input any confidential, proprietary, or sensitive College or student information into any GenAI tool. Examples include passwords and other credentials, Protected Health Information (PHI), data outlined as moderate or high risk in the RCNJ Policy/Procedure 410: Data Protection (PII), personnel material, information from documents marked Confidential, Sensitive, or Proprietary, or any other nonpublic College information that might be of use to malicious entities or harmful to the College if disclosed. Failure to comply with this policy may breach your or the College’s obligations to keep certain information confidential and secure, risks widespread disclosure, and may cause the College’s rights to that information to be challenged.
• Do not upload or input any personal information (names, addresses, likenesses, etc.) about any person into any GenAI tool.
• Do not represent work generated by a GenAI tool as being your own original work.
• Do not integrate any GenAI tool with internal College software without first receiving specific written permission from your supervisor and the ITS Department.
• If you are unsure if a tool is GenAI, seek the counsel of ITS prior to using it.

Guidelines

Appropriate Use of AI: GenAI tools can be valuable for enhancing productivity, streamlining processes, and supporting decision-making; however, they are not a substitute for human judgment and creativity. The output from these tools is often prone to inaccuracies, outdated information, or false responses, making careful human verification essential. Employees must critically evaluate AI-generated suggestions or plans using their knowledge of the College’s values, policies, procedures, and strategies, while also collaborating with colleagues to gain different perspectives and reduce the risk of errors. AI tools should be used to supplement, not replace, traditional methods of problem-solving and decision-making, with appropriate validation such as cross-referencing information, performing tests when feasible, or consulting experts. Additionally, employees must treat any information shared with AI tools as if it could go viral on the Internet and be attributed to them or the College, regardless of tool settings or assurances from its creators. By using AI responsibly and maintaining human oversight, we can optimize its benefits while minimizing risks.

Data Privacy and Security: Employees must adhere to all data privacy and security protocols when using AI technologies. This includes ensuring that any data input into AI systems complies with our data protection policies and relevant legal regulations. Sensitive or confidential information, including student data, pre-decisional work, negotiations, or personal details, or any data classified as moderate- to high-risk as outlined in RCNJ Policy/Procedure 410: Data Protection (PII), must never be shared with AI tools,as these tools learn and generate content based on the input data. Users should ensure that any data input complies with College policies and legal regulations, preserving data security, intellectual property, and confidentiality. If unsure whether specific information is appropriate to use with the AI tool, employees should consult their supervisor, the ITS department, the College’s internal auditor, or the legal department. Violations of data protection policies and legal regulations may result in disciplinary action, up to and including termination.

Risk Assessments for AI Usage: In the course of using AI tools, employees should always be aware of the inherent risks these technologies pose. These may include potential inaccuracies or misinterpretations in AI-generated content due to lack of context, legal ambiguities concerning content ownership, and possible breaches of data privacy. As such, a critical attitude towards AI outputs is required at all times. To ensure that risks associated with AI usage are effectively managed, it is the responsibility of management to incorporate AI-specific risk assessments into the College’s broader risk management procedures. This includes continually evaluating and updating protocols to identify, assess, and mitigate potential risks, with considerations for changes in AI technology, its application, and the external risk environment. This also necessitates periodic training and awareness sessions for employees to ensure they stay informed about these risks and the steps needed to mitigate them.

Use of Third-Party AI Platforms: Employees should exercise caution when using third-party AI platforms due to the potential for security vulnerabilities and data breaches. Before using any third-party AI tool, employees are required to verify the security of the platform. This can be done by checking for appropriate security certifications, reviewing the vendor’s data handling and privacy policies, and consulting with the College’s ITS cybersecurity team if necessary. Moreover, data shared with third-party platforms must comply with the guidelines outlined in the section on Data Privacy and Security. In situations where employees are unsure about the use of a third-party platform, they should seek guidance from their supervisors or the ITS security team. Employees should not integrate any AI tool with software provided by or maintained by the College without first receiving specific written permission from their supervisor and the ITS Department.

Use in Communications: AI tools, when used appropriately, can aid in facilitating efficient internal communication within Ramapo College. This includes drafting emails, automating responses, or creating internal announcements. However, while using AI for these purposes, it is crucial that employees adhere strictly to the College’s policies on ethics, harassment, discrimination, and professional conduct. AI-generated communication should be respectful, professional, and considerate, mirroring the high standards of interpersonal communication expected at Ramapo College. Any misuse of AI tools for communication, including any language or behavior that violates College policies, will be treated as a serious violation and may lead to disciplinary action, up to and including termination of employment.

Transparency and Accountability: Employees should maintain transparency in their use of AI tools. When AI-generated outputs are utilized in decision-making processes, employees should not represent work generated by an AI tool as being their own original work. Rather, employees should include a footnote in their work indicating which AI tool was used and when it was used. Also, employees must be prepared to explain the rationale behind these decisions and the role AI played in them. Accountability for decisions made with the assistance of AI remains with the employee.

Training and Support: The organization will provide training and resources to help employees understand how to effectively and responsibly use AI tools. Employees are encouraged to seek assistance from their supervisors or the ITS department if they have questions or require support regarding AI technologies.

Ethical Considerations: Employees must consider the ethical implications of using AI in their work. This includes assessing AI outputs to detect and avoid bias, considering whether AI outputs would have a negative impact on institutional reputation or integrity, ensuring fairness in decision-making, and being mindful of the potential impact on employees, students, stakeholders (i.e., board members, alumni, etc.), and vendors with whom the College has contractual relationships. Any concerns regarding ethical use should be reported to management.

Compliance with Regulations: Employees must comply with all applicable laws and regulations governing the use of AI technologies. This includes intellectual property rights, data protection laws, and industry-specific regulations.

Non-Personal Use: AI tools provided by Ramapo College are for business use only and should not be used for personal use. This policy is in place to ensure the maintenance of a professional and productive environment, the preservation of institutional resources, and to prevent potential legal and security risks. Personal use of these tools could potentially involve sharing of inappropriate or sensitive content, misuse of time and resources, and potential breach of data privacy regulations.

Monitoring: Ramapo College reserves the right to monitor all employee interactions with AI tools for the purpose of ensuring compliance with this statement.

Violations: Violations of this statement may result in disciplinary action, up to and including termination.

Exceptions: Any exceptions to this statement must be documented by RCNJ ITS with the reason for the exception, and mitigations to reduce risk associated with not fully implementing this statement . Exceptions may include, but are not limited to, legacy systems or applications that do not permit configuration to the extent required by this statement, and systems that are not under the direct control of RCNJ, for example.

Review and Updates: This statement will be converted to a policy by making use of the College’s policy development and review process. Once a formal policy has been approved, it will be reviewed annually and updated as necessary to reflect changes in technology, legal requirements, and organizational needs. Employees will be notified of any significant changes to the policy.

Conclusion: The responsible use of AI can significantly enhance organizational capabilities and improve efficiency. By adhering to this statement, employees can contribute to a positive and innovative workplace culture while ensuring that our use of AI aligns with our core values and ethical standards. Any questions or clarifications regarding this statement may be directed to the Chief Information Officer.

Note: The typli AI Text Generator (see https://typli.ai/ai-text-generator) was used on 1/27/2025 to generate an initial draft of this statement.

Supplemental Resources

• Artificial Intelligence in Teaching & Learning