This repo is a PoC of an AI policy review tool that reviews an internal ICT security policy and provides actionable insights and recommended redrafting.
With standards, laws and regulations constantly changing, a notification system for policy documentation that provides criticism and recommendations is a step towards reducing third-party compliance overhead and ensuring responsiveness to regulatory changes.
The developer API for the legal RAG at http://helpmefindlaw.com provides an interesting service for this product: a managed service for updates in legal policy via an AI-friendly medium. For more information, reach out at [email protected]
A demo of the product can be found here
To run the application, run `make app`.
§§ 229.106 and 229.601
Regulation S-K Item 106(b) – Risk management and strategy
Registrants must describe their processes, if any, for the assessment, identification, and management of material risks from cybersecurity threats, and describe whether any risks from cybersecurity threats have materially affected or are reasonably likely to materially affect their business strategy, results of operations, or financial condition.
Regulation S-K Item 106(c) – Governance
Registrants must:
- Describe the board’s oversight of risks from cybersecurity threats.
- Describe management’s role in assessing and managing material risks from cybersecurity threats.
Form 8-K Item 1.05 – Material Cybersecurity Incidents
Registrants must disclose any cybersecurity incident they experience that is determined to be material, and describe the material aspects of its:
- Nature, scope, and timing; and
- Impact or reasonably likely impact.
An Item 1.05 Form 8-K must be filed within four business days of determining an incident was material. A registrant may delay filing as described below, if the United States Attorney General (“Attorney General”) determines immediate disclosure would pose a substantial risk to national security or public safety.
Registrants must amend a prior Item 1.05 Form 8-K to disclose any information called for in Item 1.05(a) that was not determined or was unavailable at the time of the initial Form 8-K filing.
Form 20-F
FPIs must:
- Describe the board’s oversight of risks from cybersecurity threats.
- Describe management’s role in assessing and managing material risks from cybersecurity threats.
Form 6-K
FPIs must furnish on Form 6-K information on material cybersecurity incidents that they disclose or otherwise publicize in a foreign jurisdiction, to any stock exchange, or to security holders.