Home
AREMIS
Security Awareness

Using AI
securely

AI is a powerful ally, but it carries risks for your data and our clients' data. Learn the right habits.

1 The approved tool

At AREMIS, only one AI agent is integrated and approved within our ecosystem.

πŸ€–

Microsoft Copilot

The only AI tool currently approved at AREMIS. Its use is authorised as part of your normal professional activities, via your AREMIS account.

⚠️
Other AI tools (ChatGPT, Claude, Gemini, etc.) are tolerated subject to strict compliance with the conditions described below. This applies to any web interface, mobile application or browser extension.
2 What you CAN share

Using an AI tool for generic and non-confidential tasks is perfectly acceptable.

βœ“ General knowledge questions and research on public topics
βœ“ Writing, grammar and formatting assistance for non-confidential content
βœ“ Code assistance using generic, non-proprietary snippets
βœ“ Brainstorming and ideation without any reference to AREMIS or client data
βœ“ Learning and training on publicly available technologies
3 What is STRICTLY FORBIDDEN

The following data must never be shared with an unapproved AI tool.

βœ• Client data β€” names, configurations, contracts, or any client-identifiable information
βœ• Credentials & secrets β€” passwords, API keys, tokens, certificates, connection strings
βœ• Personal data β€” employee or client personal data (names, emails, phone numbers…)
βœ• AREMIS proprietary information β€” internal architecture, security configurations, intellectual property
βœ• ARCHIBUS / Eptura β€” source code, database schemas, deployment specifics
βœ• Financial & contractual data β€” pricing, revenue, SLAs, contractual terms
βœ• Security information β€” vulnerability reports, incident details, penetration test results
🚨
This is a contractual obligation towards our clients.

Failure to comply may result in heavy fines and could lead to the loss of the contract.
4 Practical examples

When in doubt, ask yourself: "Does this prompt contain confidential information that I can share with an unapproved tool?"

OK

"Help me draft a project status update email to stakeholders"

NO

"Summarise the meeting notes from yesterday's call with [client name]"

OK

"What are best practices for managing scope creep in IWMS projects?"

NO

"Here is our client's floor plan data, help me find space optimisation opportunities"

OK

"Explain how to configure a calculated field in ARCHIBUS using the documentation"

NO

"Here is a SQL export from our production database, help me build a report"

OK

"Help me create a generic ROI template for workplace management solutions"

NO

"Review this proposal with pricing and SLA details for [client name]"

5 Why these rules?

External AI tools pose real risks to the confidentiality of your data.

πŸ’Ύ

Data storage

Your inputs may be stored by the AI provider, sometimes indefinitely, and in jurisdictions outside the EU.

🧠

Model training

Your data may be used to train future models, potentially making your information accessible to other users.

πŸ”“

Third-party exposure

Submitted data may be exposed through security breaches, provider employees, or subcontractors.

πŸ“œ

Contractual obligations

We have a contractual and regulatory obligation towards our clients to protect their data. Any leak engages our liability.

In doubt?

Contact the Security team before using an AI tool in any context where sensitive data could be involved.

πŸ›‘οΈ

Need an approved alternative?

If you need to work with confidential data using AI, the IT Security team can point you to validated and secure solutions.

πŸ“‹

Report an incident

If you have accidentally shared sensitive data with an AI tool, report it immediately. The faster the response, the more limited the damage.

Your points of contact

The IT and Information Security teams are here to support you.

πŸ”’ security@aremis.com 🎫 support.aremis.com

Reference document

AREMIS – Acceptable Use Policy β€” AI Tools (POL-SEC-XXX)
Classification: Internal