Effective Date: 1 January 2025
Version: 3.0 — Ultra-Final (Djenie Edition)

1. PURPOSE & SCOPE

This AI Governance & Safety Statement explains how In Delay There Lies No Plenty Pty Ltd ACN 162 881 138 ATF Future Thinking Family Trust t/a Djenie ABN 98 399 797 036 (“Djenie”) governs, evaluates, and safeguards all Artificial Intelligence (“AI”) systems used in its operations.
Unlike Cushi.ai, which provides AI-powered onboarding and learning tools, Djenie deploys AI in a limited and controlled manner to support:

  • internal automation,
  • quality assurance in development,
  • data validation,
  • operational efficiency,
  • secure system monitoring.
    Djenie does NOT deploy AI toward end-users for behavioural recommendations, personalisation, workforce decisions, or high-risk contexts.
    This Statement aligns with:
  • ISO/IEC 42001 (AI Management Systems)
  • NIST AI Risk Management Framework
  • Australian AI Ethics Principles
  • OECD AI Principles
  • Singapore Model AI Governance Framework

2. GOVERNANCE STRUCTURE & ACCOUNTABILITY

AI Governance Owner: Chief Technology Officer (CTO)
Responsibilities:

  • AI risk management & governance
  • Compliance with ISO/IEC 42001 guidance
  • Oversight of internal AI systems
  • Safety review and approvals

AI Risk & Safety Group:

  • Reviews internal AI use cases
  • Approves models and data handling
  • Verifies safeguards and ethical alignment

Engineering & Data Leads:

  • Ensure secure development
  • Maintain model robustness and testing
  • Validate datasets and input/output controls

3. AI RISK CLASSIFICATION MODEL

Djenie uses a conservative risk framework:
Unacceptable-Risk:

  • Any AI system affecting minors, safety, identity verification, biometric processing — NOT PERMITTED.

High-Risk:

  • AI in employment, eligibility, financial scoring, legal determinations — NOT PERMITTED.

Moderate-Risk:

  • Internal automation tools (human oversight required).

Low-Risk:

  • Data-cleaning scripts, coding assistants, pattern recognition for diagnostics.

Minimal-Risk:

  • UI enhancements, non-personal analytics, documentation assistance.

4. AI LIFECYCLE MANAGEMENT

Djenie applies a full lifecycle approach:
Design:

  • Privacy-by-design
  • Threat modelling
  • Safety and harm analysis
    Development:
  • Secure SDLC
  • Dataset review
  • Bias screening
    Testing:
  • Robustness testing
  • Adversarial prompt testing
  • Output validation
    Deployment:
  • Access control
  • Audit logging
  • Rate limiting
  • Guardrail enforcement
    Monitoring:
  • Drift detection
  • Misuse detection
  • Error-rate tracking
    Review:
  • Periodic evaluation
  • Safety audits

5. SAFETY & RISK CONTROLS

Djenie implements:

  • Guardrails to prevent harmful outputs
  • Abuse-prevention mechanisms
  • Automated safety filters
  • Audit trails on all AI-assisted workflows
  • Red-team testing for edge cases
  • Fail-safe and fallback behaviours

6. HUMAN OVERSIGHT

All AI-assisted actions require:

  • Human override capacity
  • Final human validation
  • Supervisory review for consequential tasks
    AI outputs serve only as supportive tools, not final authority.

7. FAIRNESS, TRANSPARENCY & BIAS TESTING

Djenie applies:

  • Dataset quality checks
  • Bias detection techniques
  • Fairness constraints where applicable
  • Documentation of data provenance
  • Transparency regarding AI-assisted operations
    Djenie does not infer or record protected characteristics without lawful basis.

8. PROHIBITED AI USES

Djenie prohibits:

  • AI-driven decisions affecting employment or eligibility
  • Biometrics or facial recognition
  • Surveillance or behavioural analysis
  • Political persuasion
  • Medical advice or diagnostics
  • Automated decisions that produce legal or significant effects
  • Processing sensitive data for AI training

9. VENDOR & THIRD-PARTY MODEL OVERSIGHT

Djenie requires all AI vendors to:

  • Provide documentation on data handling and model behaviour
  • Maintain privacy and security controls equivalent to ISO 27001/27701
  • Submit to risk assessments
  • Support regulatory compliance

10. AI INCIDENT RESPONSE & ESCALATION

Djenie maintains a dedicated AI incident response workflow:

  • Immediate triage of AI-related anomalies
  • Escalation to AI Risk & Safety Group
  • Corrective action and containment
  • Notification to affected partners where required
  • Post-incident review and documentation

11. RECORD-KEEPING & AUDITABILITY

Djenie maintains:

  • Model usage records
  • Internal model cards
  • Dataset provenance logs
  • AI risk assessments
  • Lifecycle documentation
  • Evidence aligned with ISO/IEC 42001

12. RELATIONSHIP TO OTHER POLICIES

This Statement should be read with:

  • Privacy Policy
  • Data Processing Agreement
  • Security Overview
  • Responsible Disclosure Policy

VERSION CONTROL & GOVERNANCE

Version: 3.0 — Ultra-Final (Djenie Edition)
Effective Date: 1 January 2025
Approval: Chief Executive Officer, Djenie
Change Summary: Complete rewrite from Cushi version; removed end-user AI modules, aligned scope to internal operational AI, strengthened prohibited uses, updated governance roles.
Review Cycle: Annual or earlier as required.