Responsible AI

Executive Summary

Environics Analytics builds and deploys AI to help our clients make better decisions - safely, securely and transparently. Our program is anchored in the NIST AI Risk Management Framework and aligns with the Canadian Voluntary Code of Conduct on Advanced Generative AI Systems and the OECD AI Principles. In addition, we maintain audited third-party assurance controls including SOC 1 Type II, SOC 2 Type II, HIPAA and ISO 31700 Privacy by Design.

• Client data are never used to train AI models that are shared with other clients.
• When AI capabilities run in cloud environments, we use enterprise AI services with tenant level isolation and strong data handling controls that ensure client information stays private and is never used to train or enhance third party AI models.
• We use industry standard security and privacy controls - including encryption, de-identification, strict access controls, data minimization and clear retention and deletion practices.
• Our Chief Technology Officer is accountable for AI risk management, supported by our AI Governance Committee and internal AI risk assessments.
• At all times humans remain accountable for final decisions, with AI used only to support expert judgment.

Responsible AI at Environics Analytics

Our Commitment

We integrate AI to enhance accuracy, efficiency and insight - never at the expense of privacy, safety or fairness. Our approach emphasizes client data protection, human accountability and clear governance across all AI enabled capabilities.

Our Responsible AI Principles

1. Transparency and Accountability - We are open about where and how AI is used with client data and we ensure people remain responsible for decisions influenced by AI.
   
2. Governance and Risk Management - We operate AI within a strong governance framework, supported by clear policies, oversight and risk assessments throughout the AI lifecycle.
   
3. Fairness and Bias Management - We review and monitor third-party AI provider practices for addressing fairness and unintended bias. For AI models developed by Environics Analytics, we conduct our own evaluations and monitoring to support fair and equitable outcomes.
   
4. Human‑Centric Approach - We acquire, design and deploy AI to augment human expertise, enable better decision‑making and respect human oversight at all times.
   
5. Responsible and Safe Deployment - We prioritize safety, privacy and data protection in all AI features, applying safeguards to ensure that AI is used responsibly and within the limits of its intended purpose.

How We Use AI

1. Internal Productivity - AI helps our teams draft, summarize, research and automate internal workflows. These capabilities do not use client data; they operate only on internal information or data an employee provides for their own task.
   
2. ENVISION Platform - Our platform includes AI features such as search, summarization and generative assistance. We implement built-in guardrails and prerelease evaluations to support accuracy, safety and responsible use.
   
3. Data Development - We build our data products using public, licensed and partner supplied datasets - never client data. We use statistical modeling, machine learning and AI-enabled techniques to extrapolate trends, infill gaps and produce demographic, behavioural, financial, psychographic and human movement attribute estimates at the neighbourhood level across Canada.
   
4. Analytical Services - Our analysts use AI to support modeling, forecasting and insight generation with client provided data, under project specific controls and contractual restrictions.

How We Protect Client Data

• Secure Processing: Cloud-based AI features run on enterprise cloud AI services with customer level isolation and strong controls to ensure client information stays private and is never used to train or enhance third party AI models.
• Security by Design: Encryption, strict access management, data minimization, monitoring and auditing are standard across our platform and services.
• Compliance: We comply with applicable Canadian privacy laws and regulations and maintain SOC 1 Type II, SOC 2 Type II, HIPAA and the ISO 31700 Privacy by Design standards.
• Data Management: Data retention follows classification-based practices and is superseded by client data sharing agreements. Secure deletion is available upon request.
• Transparency: We disclose how AI is used and clearly label AI generated outputs where appropriate.

How Our Guardrails Work

• Tenant / instance isolation: AI features run in cloud or private deployment environments with tenant or instance-level isolation as appropriate and strong data handling controls.
• Inference only by default: Client data are not used to train or improve AI models for other customers or third parties.
• Input protections: Prompt injection defenses, input validation and data minimization controls reduce the risk of unintended instructions or misuse.
• Output constraints: AI responses are shaped by system prompts, allowed content policies and domain specific instructions to reduce irrelevant or unsupported output.
• Abuse and anomaly monitoring: Rate limiting, anomaly detection and audit logging help deter misuse and support investigation.
• Quality checks: AI features undergo pre release evaluations covering accuracy, safety and reliability for the intended tasks.
• Continuous improvement: We monitor performance and adjust controls as needed.

Governance & Accountability

• Our AI Governance Committee oversees AI strategy, risk, policy and lifecycle management.
• The CTO is accountable for Responsible AI and overall AI risk management.
• Internal AI risk assessments guide safeguards, evaluations and deployment decisions.
• Humans remain accountable for final decisions across all AI enabled workflows.