Workiva AI is designed to help you work more efficiently while maintaining the highest standards of trust, security, and responsible use. Our approach focuses on empowering you with AI-assisted capabilities that support your work without compromising your control or your judgment. Workiva AI is built to assist—not replace—human expertise.
In this article, we'll delve into the security standards and ethical practices embedded in our AI framework. We’ll then explore how this combination empowers you to achieve remarkable results while upholding the highest standards of responsible AI implementation.
Our Workiva AI security standard
Workiva's security architecture is purpose-built for its platform, integrating security directly into the service. Our practice ensures robust data protocols, including encryption in transit (TLS 1.2+), and a contractual commitment that customer data is not used to train LLMs.
This commitment is built on a foundation of five core principles, which align with evolving global standards (e.g., ISO/IEC 42001, NIST AI RMF) and regulations (e.g., EU AI Act, GDPR). Our five core Responsible AI principles—covering Accountability, Transparency, Fairness, Safety & Reliability, and Privacy & Security—are directly mapped to this international management standard, guiding our operations and demonstrating our proactive compliance as we pursue full certification.
1. Accountability
Workiva will ensure internal resources are responsible for managing risk and complying with applicable laws and regulations when implementing and maintaining the AI features.
We develop and use AI responsibly. This means embedding accountability throughout the entire AI lifecycle, including:
- Impact Assessment: We will assess the potential impact of our AI systems on users and society.
- Targeted Oversight: Systems that could have a significant adverse impact are subject to additional, robust oversight and requirements.
- Fit for Purpose: We are committed to ensuring our AI features provide valid solutions for their intended use and solve documented problems.
- Data Governance: We uphold appropriate data governance and management practices, defining data requirements based on the system's intended use and stakeholders.
- Human Control: We design our AI systems to support informed human oversight, enabling users to monitor, understand, and, where necessary, override system outputs.
2. Transparency
We believe that trust is built on clarity. We are committed to being transparent about how our AI systems operate and how they are used within the Workiva platform.
Workiva will ensure that users are aware they are interacting with AI technology through:
- Understandable Outputs: For AI systems that inform decision-making, we will design them to help users understand how the system behaves.
- Clear Communication: We will provide information on the capabilities and limitations of our AI systems to help you make informed choices.
- AI Disclosure: We believe you should know when you are interacting with an AI. We work to clearly identify AI-generated outputs and interactions wherever appropriate.
3. Fairness
Workiva will use commercially reasonable efforts (e.g., add additional grounding information to further increase protection against bias or objectionable content) to design the AI features in a manner that seeks to reduce or eliminate bias against individuals, communities, or groups.
We strive to design AI systems that treat all users equitably. Fairness is a continuous goal that we actively pursue.
- Equitable Quality of Service: We will design and test our AI systems to provide a similar quality of service across different demographic groups.
- Fair Allocation: Where AI is used to allocate resources or opportunities, we will design and monitor the system to ensure those allocations are fair.
- Minimizing Harmful Outputs: For AI systems that generate content, we work to minimize the potential for stereotyping, demeaning, or erasing any group.
4. Safety & Reliability
Workiva will use commercially reasonable efforts (e.g., robust testing including regression testing to evaluate LLM behavior for correctness and adherence to various security and ethical considerations) to ensure that the AI features consistently operate in accordance with their intended purpose and scope and at the desired level of precision.
Workiva will use commercially reasonable efforts (e.g., human in the loop) to design and implement the AI features to safeguard against harm to humans and/or property. We are committed to building AI systems that are not only powerful but also safe, reliable, and predictable.
- Defined Operation: We evaluate and document the operational factors and ranges within which our AI systems are expected to perform safely and reliably.
- Resilient Design: Our systems are designed to minimize the time needed to identify and address known or predictable failures.
- Continuous Improvement: We subject our AI systems to ongoing monitoring, feedback collection, and evaluation to ensure they remain safe and reliable over time.
5. Privacy & Security
Workiva shall use commercially reasonable efforts to design the AI features to comply with applicable privacy and data protection laws and regulations.
Protecting your data is foundational to everything we do. Our AI systems are built to comply with our standards for privacy and security.
- Privacy by Design: Our AI systems are designed to protect user and customer privacy in accordance with our data protection agreement and relevant regulations like the GDPR.
- Robust Security: We design our AI systems to be secure in accordance with our stringent security policies, embedding automated controls and threat mitigation techniques into the development process.
How Workiva AI works
Workiva AI is embedded into the Workiva platform experience. See below for more on how Workiva AI interactions are processed between users, the Workiva platform environment, and third-party LLM providers.
Prompt filtering
When you input a request into our Workiva AI feature, the first thing we do is check the request to ensure it follows our guidelines. We run a filter to eliminate inappropriate or prohibited requests made by users. This ensures that the content generated remains within acceptable boundaries.
Guardrails
After filtering, we establish certain boundaries for generating responses. These boundaries consider factors like the user's context, their intent, and even the persona they are adopting. We apply additional context to understand where and how the user is using the AI.
Grounding
Grounding involves providing a solid foundation for responses through a multifaceted approach. We leverage embeddings and retrieval augmented generation to extend this capability to our customers' workspace data, allowing users to obtain context-specific information from their own documents. Additionally, we offer templates, enabling customers to request responses in specific predetermined formats.
In terms of security, we take IAM (Identity and Access Management) authorization into account during grounding to ensure that only authorized users have access to specific documents or sections of documents.
Lastly, we provide citations and references for our responses using a technique known as RAG (Retrieval Augmented Generation), which not only grounds our responses in our own documents but also allows us to cite the sources, be it our proprietary data or our customers' data.
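The sketch below is an added illustration of authorization-aware grounding with citations; it is not Workiva's code. The `Section` type, the group names, and the sample workspace are all hypothetical and constructed, and a word-overlap score stands in for embedding similarity.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Section:
    doc_id: str
    section_id: str
    text: str
    allowed_groups: frozenset  # groups permitted to read this section

# Constructed sample workspace (hypothetical documents and groups).
WORKSPACE = [
    Section("10-K", "revenue", "Annual revenue grew 12 percent year over year",
            frozenset({"finance", "audit"})),
    Section("10-K", "draft-guidance", "Unreleased revenue guidance for next quarter is 40 million",
            frozenset({"finance"})),
    Section("ESG", "emissions", "Scope 1 emissions fell 8 percent",
            frozenset({"sustainability", "audit"})),
]

def tokens(s):
    return set(re.findall(r"\w+", s.lower()))

def score(query, text):
    """Toy lexical overlap standing in for embedding similarity."""
    return len(tokens(query) & tokens(text))

def retrieve(query, user_groups, k=2):
    # The authorization filter runs BEFORE ranking, so text the user cannot
    # read never influences the ranking and never reaches the prompt.
    readable = [s for s in WORKSPACE if s.allowed_groups & user_groups]
    ranked = sorted(readable, key=lambda s: score(query, s.text), reverse=True)
    return [s for s in ranked[:k] if score(query, s.text) > 0]

def build_grounded_prompt(query, user_groups):
    """Return (prompt, citations); each citation maps a source number to doc#section."""
    hits = retrieve(query, frozenset(user_groups))
    context = "\n".join(f"[{i}] {s.text}" for i, s in enumerate(hits, 1))
    citations = [f"[{i}] {s.doc_id}#{s.section_id}" for i, s in enumerate(hits, 1)]
    prompt = f"Answer using only the numbered sources.\n{context}\nQuestion: {query}"
    return prompt, citations
```

Filtering after ranking, or after generation, would let restricted text shape the answer even if it is never cited, which is why the access check sits at the retrieval step.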
Injection
Injection involves adding prompts and model parameters to enhance the user experience, making it simpler and more user-friendly. We take all the information gathered from the previous steps and inject it into the Workiva AI system. This includes adding our own prompts behind the scenes to simplify the user experience.
For instance, we include predefined commands like "shorten" or "elaborate" so that users can access these capabilities with ease. We also fine-tune model parameters and settings, so that users don't need to navigate complex technical details.
All of this is done to ensure that using our Workiva AI is as straightforward as possible.
Response generation
This step uses AI models from providers such as Google and Microsoft Azure/OpenAI to create responses to user queries. These models are trained on vast datasets and are capable of generating contextually relevant responses.
Response filtering
After generating a response, we have another layer of checks to ensure that the response does not contain inappropriate or prohibited content. To ensure the safety and quality of the responses, we apply another set of filters to the generated content. This ensures that the responses align with our guidelines and do not include any off-limits material. Only after passing these checks do we provide the responses back to the user.
Workiva AI security and privacy
Not used to train AI models
Fundamentally, it's essential to underscore that your data, your inputs into the AI model, and the responses generated by the AI remain entirely distinct from the model training process. This means that none of these elements are utilized to train our AI models. This includes not only the widely adopted large language models but also our specialized proprietary models. We have designed our system to ensure a clear separation between your data and the AI training process.
Encryption and storage
To fortify the security and privacy of your data and interactions, Workiva employs robust, industry-standard encryption protocols.
Data persistence is purpose-bound and governed by Workiva’s security, privacy, and compliance controls, and may include session-based or longer-term storage to support product functionality, support, and auditability. Third-party LLM providers do not retain or use customer data for training, or purposes beyond the scope of processing requests on Workiva’s behalf.
Adherence to data security and privacy terms
Please refer to Workiva’s AI Terms of Use.
Active user engagement
A critical facet of our approach centers around the requirement for active user engagement. Workiva AI does not alter your documents without your direct involvement and explicit approval. You have full control over when and how you choose to integrate AI-generated responses into your work, ensuring that your creative authority remains intact.
Content filtering and context guardrails
To uphold a secure and compliant AI experience, we employ comprehensive content filtering measures. These filters apply to both input prompts and responses generated by the AI model. They effectively prevent the processing or generation of any inappropriate or sensitive content.
In tandem with content filtering, context guardrails are meticulously implemented to anchor the AI within the expected use cases, promoting alignment with your workflow and requirements.
Customers can opt out at any time
Organization Administrators can disable access to Workiva AI at the user, account, or organizational levels to customize it to your needs, or opt out of the program at any time.