
Risk Assessment & Mitigation Strategy

Last Updated: 30 December 2024

At Kalmi Pty Ltd, we are committed to delivering safe, ethical, and reliable Kalmi AI products. This Risk Assessment & Mitigation Statement outlines our approach to identifying, assessing, and managing risks associated with the development, deployment, and operation of our AI systems.

Our goal is to ensure the safety, privacy, and trustworthiness of our products while maintaining alignment with Australian AI Ethics Principles and relevant regulatory frameworks.

1. Risk Identification

We identify and categorise potential risks across four key areas:

1.1 Technical Risks:

  • System Failures: Unexpected malfunctions or downtime of Kalmi AI products.

  • Data Breaches: Unauthorised access to user data due to security vulnerabilities.

  • AI Model Bias: Unintended biases in AI-generated outputs that may affect fairness or inclusivity.

 

1.2 Privacy and Data Security Risks:

  • Data Anonymisation Failures: Risk of re-identifying anonymised user data.

  • Unintended Data Sharing: Accidental exposure of anonymised data to unauthorised third parties.

1.3 Ethical and Societal Risks:

  • User Dependence: Over-reliance on AI products for emotional support without seeking professional help.

  • Transparency Gaps: Insufficient clarity about how AI-generated responses are created.

 

1.4 Operational Risks:

  • Scalability Challenges: Difficulties in maintaining performance and reliability as the user base grows.

  • Regulatory Compliance: Failure to keep up with changing AI laws and data protection regulations.

 

2. Risk Assessment

We evaluate identified risks based on:

  • Likelihood: How probable it is that the risk will occur.

  • Impact: The potential consequences on users, operations, and compliance.

  • Severity Score: Combining likelihood and impact to prioritise mitigation efforts.

 

Risk Levels:

  • High Risk: Immediate action required.

  • Medium Risk: Monitoring and mitigation plan in place.

  • Low Risk: Ongoing observation with contingency plans.

3. Risk Mitigation Strategies

3.1 Technical Mitigation:

  • Regular Testing: Routine testing and validation of AI systems to detect and address failures early.

  • Data Encryption: Secure encryption protocols for data in transit and at rest.

  • Bias Audits: Periodic checks to identify and mitigate biases in AI outputs.

 

3.2 Privacy and Security Mitigation:

  • Anonymisation Protocols: Strict procedures for anonymising user data before processing.

  • Access Control: Restricted data access to authorised personnel only.

  • Incident Response Plan: Preparedness for immediate action in case of a data breach.

 

3.3 Ethical and Societal Mitigation:

  • Transparency Measures: Clear user communication about the capabilities and limitations of Kalmi AI products.

  • Crisis Warnings: Built-in prompts directing users to licensed professionals or emergency services during crises.

  • User Education: Resources to help users understand appropriate and inappropriate use of AI tools.

3.4 Operational Mitigation:

  • Scalable Infrastructure: Cloud-based architecture designed for scalability and reliability.

  • Regulatory Monitoring: Regular reviews of legislative changes and updates to compliance practices.

  • Feedback Loops: Mechanisms for collecting and acting on user feedback promptly.

 

4. Monitoring and Evaluation

  • Continuous Monitoring: Real-time performance monitoring of Kalmi AI products.

  • Regular Reviews: Scheduled risk assessment reviews to adapt to new risks or changes in product functionality.

  • User Reporting: Clear channels for users to report suspected issues or provide feedback.

5. Crisis Management and Response

  • Incident Reporting Protocols: Defined procedures for addressing critical incidents, including technical failures and data breaches.

  • User Notification: Prompt communication with affected users in case of significant disruptions or breaches.

  • Post-Incident Evaluation: Analysis of incidents to improve future risk mitigation strategies.

6. Accountability and Oversight

  • The Founder and Leadership Team at Kalmi Pty Ltd are responsible for overseeing risk management processes.

  • Regular Updates: Risk management strategies and processes will be updated regularly to reflect evolving best practices and regulations.

  • Documentation: Comprehensive records of risk assessments, mitigation efforts, and incidents are maintained for future audits and reviews.

7. User Responsibility

While Kalmi Pty Ltd takes extensive measures to manage risks, users are also encouraged to:

  • Use Kalmi AI products responsibly and within their intended purpose.

  • Avoid relying solely on AI products for medical or professional mental health advice.

  • Report any issues or irregularities to sarah@kalmi.com.au.

 

8. Future Improvements

As Kalmi Pty Ltd grows:

  • Independent audits of AI performance, data security, and privacy compliance will be implemented.

  • Dedicated roles for risk management, compliance, and ethics oversight will be established.

  • Annual reports on risk management efforts may be published for transparency.

 

9. Contact Information

For questions about our Risk Assessment & Mitigation Statement, or to report an issue, please contact:

Email: sarah@kalmi.com.au

 

By using Kalmi AI products, you acknowledge that you have read, understood, and accepted the measures outlined in this Risk Assessment & Mitigation Statement.
