Skip to content
Bizzi AI Governance Framework
Executive Summary · § 06

What you can do as a customer

BAGF is not a document to read and put aside. Below are six concrete actions you initiate or request. Each one has a formal channel and a committed response window.

1. Request a Data Protection Impact Assessment (DPIA)

Section titled “1. Request a Data Protection Impact Assessment (DPIA)”

For any new AI use case deployed to your organization, you request a DPIA. It describes what personal data is processed, the legal basis, security measures, sub-processors involved, and data subject rights. Channel: your Customer Success Manager. Response window: 10 business days.

2. Access the quarterly transparency report

Section titled “2. Access the quarterly transparency report”

The Bizzi transparency report includes platform-wide operational KPIs (STP rate, accuracy, hallucination rate), incident summary, significant model or data changes, and audit results. Delivered via your registered channel in the first week of the month following each quarter.

3. Audit your tenant’s data

Section titled “3. Audit your tenant’s data”

You request a full audit-trail report of all AI processing on your tenant’s data. Timestamp, model, prompt, output, approver (when HITL). The report serves as evidence for internal audit or external inspection. Channel: “Compliance / Audit” priority ticket in the Customer Portal.

4. Join the Early Access Program (EAP)

Section titled “4. Join the Early Access Program (EAP)”

When Bizzi develops a new AI feature with material impact on your workflow, EAP lets you preview, give feedback, and request adjustments before broad release. EAP is voluntary and free. Register through your Customer Success Manager.

5. Report a vulnerability (Vulnerability Disclosure)

Section titled “5. Report a vulnerability (Vulnerability Disclosure)”

If your security team finds a vulnerability in the product or framework, send it to security@bizzi.vn (details at security.txt). Bizzi commits to acknowledge receipt in 48 hours, assess severity within 5 business days, and stay transparent on the remediation timeline.

6. Request a custom standards-mapping addendum

Section titled “6. Request a custom standards-mapping addendum”

If your organization needs BAGF aligned to an extra framework (for example SOC 2, HIPAA, MAS TRM for the Singapore financial sector), Bizzi will prepare a dedicated mapping addendum. Contact through the Compliance team or your contract channel.