Skip to content

Artificial and Autonomous Technology Standard

Organization: FrontRunnerHC, Inc. (FRHC)
Parent Policy Reference: Summit Technology Holdings – Artificial & Autonomous Technologies Policy
Framework Reference: Secure Controls Framework – Artificial & Autonomous Technologies (AAT)


This standard defines how FrontRunnerHC (FRHC) implements the enterprise-wide Artificial & Autonomous Technologies requirements established by Summit Technology Holdings, LLC (STH). It documents the governance practices and situational awareness controls applied to AI, machine learning, robotic process automation, and other autonomous technologies used across FRHC’s operations.


This standard applies to all artificial intelligence and autonomous technology systems developed, acquired, or deployed by FRHC, including internally built systems, third-party SaaS features, embedded AI capabilities within platforms, and any AI services integrated into applications used by the FRHC workforce. It applies regardless of whether the AI/AT system directly processes ePHI, as emergent behaviors and indirect exposures may affect systems that do.


3.1 AI & Autonomous Technologies Governance

Section titled “3.1 AI & Autonomous Technologies Governance”

FRHC incorporates AI and autonomous technology risk into its enterprise risk assessment and cybersecurity governance framework. All proposed and in-use AI/AT use cases are identified, assigned an accountable owner, and evaluated through a risk assessment process prior to production use and upon any material change. Governance oversight is led by senior leadership, and risk outcomes are reviewed regularly. FRHC ensures that AI/AT systems comply with applicable legal, security, privacy, and ethical requirements.

  • Parent Policy Mapping: STH Artificial & Autonomous Technologies Policy, Section 3.1
  • SCF Mapping: AAT-01 (Artificial Intelligence (AI) & Autonomous Technologies Governance)

3.2 Situational Awareness of AI & Autonomous Technologies

Section titled “3.2 Situational Awareness of AI & Autonomous Technologies”

FRHC maintains situational awareness of all AI and autonomous technologies used within its environment. This includes internally developed capabilities as well as AI functionality provided through third-party platforms and services.

An inventory of AI and autonomous technologies is maintained in coordination with STH and includes, as applicable:

  • System or service name
  • Business purpose and use case
  • Data types processed (e.g., PII, ePHI)
  • Responsible owner
  • Hosting or deployment model
  • Risk tier and lifecycle status

The inventory is reviewed and updated periodically to ensure accuracy and to support ongoing risk management, monitoring, and decommissioning activities.

  • Parent Policy Mapping: STH Artificial & Autonomous Technologies Policy, Section 3.2
  • SCF Mapping: AAT-02 (Situational Awareness of AI & Autonomous Technologies)

FRHC maintains evidence supporting AI and autonomous technology governance, including risk assessments, use-case approvals, and inventory records. Evidence is retained and made available to Summit Technology Holdings, LLC (STH) to support enterprise governance, audit, and compliance activities.


All users (employees, contractors, part-time and temporary workers) and those employed by others to perform work for the organization, or who have been granted access to IT assets or facilities, are covered by this standard and must comply with its associated policies, procedures, standards and guidelines.

Failure to comply with this standard and associated guidelines may result in suspension of use privileges or other disciplinary actions up to and including termination and/or legal action.


Parent Policy:

  • Summit Technology Holdings – Artificial & Autonomous Technologies Policy

Regulatory Requirements:

  • HIPAA Security Rule:
    • 45 CFR §164.308(a)(1)(ii)(A) – Risk Analysis
    • 45 CFR §164.308(a)(1)(ii)(B) – Risk Management
  • AICPA SOC 2 Trust Services Criteria:
    • Security (CC7.2, CC7.3)
    • Privacy (P8.1, P8.2)

Framework Alignment:

  • AAT-01 – Artificial Intelligence (AI) & Autonomous Technologies Governance
  • AAT-02 – Situational Awareness of AI & Autonomous Technologies

RevDescriptionDateApproved
-Policy createdMarch 2025M Machin
1.0Converted to StandardApril 2026M Machin
2.0Reviewed and approved for 2026July 2026M Machin

Internal Use Only