Policies & Commitments

Responsible AI

How we build and govern AI for mission-driven clients — the principles, controls, and accountability you can hold us to.

Document ID
FCI-POL-AI-001
Version
1.0
Effective Date
May 8, 2026
Document Owner
Chief Operating Officer
Review Cadence
Annual, or upon material change to a referenced framework
Next Review
May 8, 2027
Approved By
Mohamed Farran, Founder & CEO

1. Purpose

FCI Advisory delivers analytics, machine learning, and artificial intelligence capabilities to mission-driven federal and commercial clients. This statement defines the principles, controls, and governance practices we apply to that work. It exists so clients, employees, partners, and the public can hold us to a published standard rather than a slogan.

2. Scope

This statement applies to all FCI engagements, deliverables, and internal operations involving artificial intelligence, machine learning, predictive modeling, generative AI, and decision-support analytics — whether developed by FCI, integrated through OEM partners, or operated on behalf of clients. It applies to every employee, subcontractor, and partner working on FCI-led delivery.

3. Principles

3.1 Mission alignment first. AI is selected when it materially improves a mission outcome, not because it is available. Every AI/ML deliverable starts with a written statement of intended use and the decision it will support.

3.2 Human-in-the-loop by default. Automated decisions affecting individuals, eligibility, services, or rights require documented human review checkpoints unless a client policy explicitly waives it in writing.

3.3 Bias review on every model. We conduct disparate-impact testing before deployment for any model that affects people, services, or eligibility, and document the methodology and findings as part of the deliverable.

3.4 Explainability is a deliverable, not an addendum. Every model handed over to a client includes documentation of intended use, training data lineage, performance metrics, and known limitations, calibrated to the client's risk posture.

3.5 Data minimization. We collect, store, and process only the data required to produce the agreed outcome. Personally identifiable information (PII) and protected health information (PHI) are governed by the controlling federal authority — HIPAA, the Privacy Act, agency-specific guidance — and never used for purposes outside the engagement scope.

3.6 Provenance and reproducibility. Model code, training-data references, hyperparameters, and evaluation results are versioned and traceable for the life of the deliverable.

3.7 Generative AI guardrails. When generative AI is used inside an engagement, outputs are reviewed for accuracy, bias, and confidentiality before client delivery. Generative AI is never used to produce final analytic conclusions, legal positions, or contract language without human authorship and review.

4. Frameworks Referenced

FCI's Responsible AI program is organized to align with:

  • NIST AI Risk Management Framework (AI RMF 1.0)
  • NIST SP 800-218A — Secure Software Development Framework, AI-specific extensions
  • OMB Memorandum M-24-10 — Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence
  • Executive Order 14110 — Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence
  • ISO/IEC 42001:2023 — Artificial Intelligence Management System (referenced for internal governance maturity)
  • Agency-specific AI guidance — including federal health, postal, and civilian frameworks where applicable to active engagements

5. Governance

Responsible AI compliance is owned by the Chief Operating Officer with delegated review authority to the engagement lead on each program. AI/ML deliverables are reviewed at three checkpoints:

  1. Design — intent, risk classification, data sources, and human-oversight design
  2. Pre-deployment — bias testing results, explainability documentation, performance metrics
  3. Operations — model drift, performance against deployed-state KPIs, change management

Findings are logged in FCI's ISO 9001 Quality Management System and tracked to closure.

6. Conflicts and Escalation

Where a client request conflicts with this statement, FCI's engagement lead documents the conflict in writing, escalates to the COO, and offers a compliant alternative path. FCI will not knowingly deliver AI work that violates federal law, agency-specific guidance, or this published standard.

7. Review

This statement is reviewed annually, or whenever a referenced framework is materially updated, whichever comes first. Updates are approved by the Founder & CEO and published with a revised version number.

FCI Advisory, LLC · 1660 International Dr, Ste 600, McLean, VA 22102 · info@fciadvisory.com · +1 (202) 717-1122

More policies & commitments

Compliance & SecurityFederal-Grade QualityEqual Opportunity & InclusionPrivacy PolicyTerms of ServiceCookie PolicyAccessibility Statement