View this page in the latest version of Appian. Security and Compliance Share Share via LinkedIn Reddit Email Copy Link Print On This Page Compliance AI skills are only available for Cloud customers at this time. Self-managed and Appian Government Cloud customers don't have access to this feature. Appian Cloud PCI-DSS customers: Before enabling this feature, please review its compliance to ensure it aligns with your organization's security requirements. Note: AI Skills are not highly available at this time, however, they can still be used in a high availability environment. AI Skills won't impact other HA features in your environment. See High Availability for Appian Cloud for more information. Regional availability Tip: Unless listed below, AI skills are available in all regions. The following AI skills are available in select regions: Region Name Region Document Classification Document Extraction Prompt Builder and generative AI skills Africa (Cape Town) af-south-1 Not Supported Not Supported Not Supported Asia Pacific (Tokyo) ap-northeast-1 Not Supported Not Supported Supported Asia Pacific (Seoul) ap-northeast-2 Supported Supported Not Supported Asia Pacific (Mumbai) ap-south-1 Supported Supported Supported Asia Pacific (Singapore) ap-southeast-1 Supported Supported Supported Asia Pacific (Sydney) ap-southeast-2 Supported Supported Supported Asia Pacific (Jakarta) ap-southeast-3 Not Supported Not Supported Not Supported Canada (Central) ca-central-1 Supported Supported Supported Europe (Frankfurt) eu-central-1 Supported Supported Supported Europe (Zurich) eu-central-2 Not Supported Not Supported Not Supported Europe (Stockholm) eu-north-1 Not Supported Not Supported Not Supported Europe (Milan) eu-south-1 Not Supported Not Supported Not Supported Europe (Ireland) eu-west-1 Supported Supported Supported Europe (London) eu-west-2 Supported Supported Supported Europe (Paris) eu-west-3 Supported Supported Supported Middle East (UAE) me-central-1 Not Supported Not Supported Not Supported Middle East (Bahrain) me-south-1 Not Supported Not Supported Not Supported South America (Sao Paulo) sa-east-1 Not Supported Not Supported Supported GovCloud (US-East) us-gov-east-1 Not Supported Not Supported Not Supported GovCloud (US-West) us-gov-west-1 Not Supported Not Supported Not Supported US East (N. Virginia) us-east-1 Supported Supported Supported US East (Ohio) us-east-2 Supported Supported Not Supported US West (N. California) us-west-1 Supported Supported Not Supported US West (Oregon) us-west-2 Supported Supported Supported If your Appian environment isn't in a supported region, you can elect to use these AI skills by sending your data to a supported region. This doesn't change your environment's region. Contact Appian Support to learn more. Refer to the multi-region architecture diagram to learn more about how data is transmitted in this configuration. Caution: Changing your Appian environment's region will make any of these AI skills that exist no longer available in your environment. Multi-region environments and migration between regions are not supported. However, if Enhanced Business Continuity is enabled for your environment and a failover occurs, AI skill data will be present when you return to your primary region. AI skill data isn't lost permanently in this case. Add AI skill endpoints to your network allowlist To ensure the AI skill is available in your environment, locate your environment's region in the table below and add the corresponding endpoints to your network allow list. Add the endpoints that corresponds to your site's region, even if you send AI skill data to a different supported region. For PCI-compliant sites, use the endpoints that include -strict in the string. Designer endpoints support proper rendering of the user interface. S3 endpoints enable storage for the model and related data. AI skills may not be available in all regions. Region Name Designer Endpoint S3 Endpoint Africa (Cape Town) https://ai-skill-designer-af-south-1.appiancloud.com https://appian-custom-ai-customer-af-south-1-customer-bucket.s3.af-south-1.amazonaws.com Asia Pacific (Tokyo) https://ai-skill-designer-ap-northeast-1.appiancloud.com https://appian-custom-ai-customer-ap-northeast-1-customer-bucket.s3.ap-northeast-1.amazonaws.com Asia Pacific (Seoul) https://ai-skill-designer-ap-northeast-2.appiancloud.com https://appian-custom-ai-customer-ap-northeast-2-customer-bucket.s3.ap-northeast-2.amazonaws.com Asia Pacific (Mumbai) https://ai-skill-designer-ap-south-1.appiancloud.com https://appian-custom-ai-customer-ap-south-1-customer-bucket.s3.ap-south-1.amazonaws.com Asia Pacific (Singapore) https://ai-skill-designer-ap-southeast-1.appiancloud.com https://appian-custom-ai-customer-ap-southeast-1-customer-bucket.s3.ap-southeast-1.amazonaws.com Asia Pacific (Sydney) https://ai-skill-designer-ap-southeast-2.appiancloud.com https://appian-custom-ai-customer-ap-southeast-2-customer-bucket.s3.ap-southeast-2.amazonaws.com Asia Pacific (Jakarta) https://ai-skill-designer-ap-southeast-3.appiancloud.com https://appian-custom-ai-customer-ap-southeast-3-customer-bucket.s3.ap-southeast-3.amazonaws.com Canada (Central) https://ai-skill-designer-ca-central-1.appiancloud.com https://appian-custom-ai-customer-ca-central-1-customer-bucket.s3.ca-central-1.amazonaws.com Europe (Frankfurt) https://ai-skill-designer-eu-central-1.appiancloud.com https://appian-custom-ai-customer-eu-central-1-customer-bucket.s3.eu-central-1.amazonaws.com Europe (Zurich) https://ai-skill-designer-eu-central-2.appiancloud.com https://appian-custom-ai-customer-eu-central-2-customer-bucket.s3.eu-central-2.amazonaws.com Europe (Stockholm) https://ai-skill-designer-eu-north-1.appiancloud.com https://appian-custom-ai-customer-eu-north-1-customer-bucket.s3.eu-north-1.amazonaws.com Europe (Milan) https://ai-skill-designer-eu-south-1.appiancloud.com https://appian-custom-ai-customer-eu-south-1-customer-bucket.s3.eu-south-1.amazonaws.com Europe (Ireland) https://ai-skill-designer-eu-west-1.appiancloud.com https://appian-custom-ai-customer-eu-west-1-customer-bucket.s3.eu-west-1.amazonaws.com Europe (London) https://ai-skill-designer-eu-west-2.appiancloud.com https://appian-custom-ai-customer-eu-west-2-customer-bucket.s3.eu-west-2.amazonaws.com Europe (Paris) https://ai-skill-designer-eu-west-3.appiancloud.com https://appian-custom-ai-customer-eu-west-3-customer-bucket.s3.eu-west-3.amazonaws.com Middle East (UAE) https://ai-skill-designer-me-central-1.appiancloud.com https://appian-custom-ai-customer-me-central-1-customer-bucket.s3.me-central-1.amazonaws.com Middle East (Bahrain) https://ai-skill-designer-me-south-1.appiancloud.com https://appian-custom-ai-customer-me-south-1-customer-bucket.s3.me-south-1.amazonaws.com South America (São Paulo) https://ai-skill-designer-sa-east-1.appiancloud.com https://appian-custom-ai-customer-sa-east-1-customer-bucket.s3.sa-east-1.amazonaws.com US East (N. Virginia) standard site: https://ai-skill-designer-us-east-1.appiancloud.com PCI-compliant site: https://ai-skill-designer-strict-us-east-1.appiancloud.com https://appian-custom-ai-customer-us-east-1-customer-bucket.s3.us-east-1.amazonaws.com US East (Ohio) https://ai-skill-designer-us-east-2.appiancloud.com https://appian-custom-ai-customer-us-east-2-customer-bucket.s3.us-east-2.amazonaws.com US West (N. California) https://ai-skill-designer-us-west-1.appiancloud.com https://appian-custom-ai-customer-us-west-1-customer-bucket.s3.us-west-1.amazonaws.com US West (Oregon) https://ai-skill-designer-us-west-2.appiancloud.com https://appian-custom-ai-customer-us-west-2-customer-bucket.s3.us-west-2.amazonaws.com Note that these endpoints are only used for publicly accessible environments. They do not apply to environments accessed over VPN, PrivateLink, or Dual Access. AI service architecture This section applies to AI Skills and the records chat component. Learn more about private AI features. Our AI architecture is designed with private AI as the foundation and upholds those principles. Review each feature's compliance for more specific information and to ensure it aligns with your organization's security requirements. Single region architecture Appian's AI architecture utilizes a single AWS region to provide a secure and scalable AI as a service solution. These capabilities are in-line with the architecture of Appian Cloud deployments, which also use AWS as the provider. Multi-region architecture If a customer site is not located in a region that supports a feature, customers can elect to send their data to a supported region. Note: The email classification AI skill uses neither of these services (Amazon Bedrock or Amazon Textract). Foundational principles Foundational principles of our AI architecture apply to single- and multi-region implementations. Multi-tenant AI service: Appian's multi-tenant AI service is shared among multiple customers in a given region and has multiple layers of control to restrict data access to respective customer sites. The service has site-level controls to restrict data access and encryption/decryption permissions, whether that distinction is a separate customer site or a separate site within a single customer's environment. This shared service approach allows for economies of scale. Data transit and retention: All of your data stays within the Appian Cloud environment. All data in-transit is encrypted using TLS. Communication between Appian and the AI service uses asymmetric signing where each customer site has a unique key used to verify its identity. Communication between the AI service, Amazon Bedrock, and Amazon Textract uses AWS Signature V4 authentication to verify the identity of the requesting service. Bedrock and Textract are stateless, so no information is retained. Learn more about Amazon Bedrock. Learn more about Amazon Textract. Document classification and extraction The document classification and document extraction AI skills use Amazon Textract to recognize the content within the documents. When the ML model is called during training, testing, or process execution, the associated documents are uploaded to an S3 bucket. The documents are kept in the same region as the customer site. Additionally, the bucket is: Encrypted using keys specific to each customer site Segmented for each customer site Not accessible by application developers or users Note: If the documents to be classified or extracted contain protected data, then this protected data would be required in order to leverage extraction and classification features. Customers can use other mechanisms to redact protected data that is considered as proprietary, sensitive, or confidential, and data containing PII/PHI in accordance with their organization's policies prior to using these AI skills. All data used for a model both at training and execution is retained until the AI skill is deleted. The model package is deleted when the AI skill object is deleted. When a user submits a reconciliation task after document extraction, the updated key-value pair mappings are entirely stored within the application on the customer's site. Learn how document extraction works in Appian. Records chat Users can only chat with records they have access to. Record-level security is the responsibility of the customer to develop and maintain. No records data is retained in either the AI service or Bedrock due to their stateless nature. Feedback Was this page helpful? SHARE FEEDBACK Loading...