Security and Compliance

Compliance

AI skills are only available for Cloud customers at this time. Self-managed and Appian Government Cloud customers don't have access to this feature.

Appian Cloud HIPAA or PCI-DSS customers: Before enabling this feature, please review its compliance to ensure it aligns with your organization's security requirements.

Note:  AI skills are not available as part of a high availability (HA) configuration at this time, but this won't impact other HA features in your environment. See High Availability for Appian Cloud for more information.

Regional availability

Tip:  Unless listed below, AI skills are available in all regions.

The following AI skills are available in select regions:

Region Name | Region | Document Classification | Document Extraction | Prompt Builder and generative AI skills
Africa (Cape Town) | af-south-1 | Not Supported | Not Supported | Not Supported
Asia Pacific (Tokyo) | ap-northeast-1 | Not Supported | Not Supported | Supported
Asia Pacific (Seoul) | ap-northeast-2 | Supported | Supported | Not Supported
Asia Pacific (Mumbai) | ap-south-1 | Supported | Supported | Not Supported
Asia Pacific (Singapore) | ap-southeast-1 | Supported | Supported | Supported
Asia Pacific (Sydney) | ap-southeast-2 | Supported | Supported | Supported
Asia Pacific (Jakarta) | ap-southeast-3 | Not Supported | Not Supported | Not Supported
Canada (Central) | ca-central-1 | Supported | Supported | Not Supported
Europe (Frankfurt) | eu-central-1 | Supported | Supported | Supported
Europe (Zurich) | eu-central-2 | Not Supported | Not Supported | Not Supported
Europe (Stockholm) | eu-north-1 | Not Supported | Not Supported | Not Supported
Europe (Milan) | eu-south-1 | Not Supported | Not Supported | Not Supported
Europe (Ireland) | eu-west-1 | Supported | Supported | Not Supported
Europe (London) | eu-west-2 | Supported | Supported | Not Supported
Europe (Paris) | eu-west-3 | Supported | Supported | Supported
Middle East (UAE) | me-central-1 | Not Supported | Not Supported | Not Supported
Middle East (Bahrain) | me-south-1 | Not Supported | Not Supported | Not Supported
South America (São Paulo) | sa-east-1 | Not Supported | Not Supported | Not Supported
GovCloud (US-East) | us-gov-east-1 | Supported | Supported | Not Supported
US East (N. Virginia) | us-east-1 | Supported | Supported | Supported
US East (Ohio) | us-east-2 | Supported | Supported | Not Supported
US West (N. California) | us-west-1 | Supported | Supported | Not Supported
US West (Oregon) | us-west-2 | Supported | Supported | Supported

If your Appian environment isn't in a supported region, you can elect to use these AI skills by sending your data to a supported region. This doesn't change your environment's region. Contact Appian Support to learn more. Refer to the multi-region architecture diagram to learn more about how data is transmitted in this configuration.

Caution:  Changing your Appian environment's region will make any existing instances of these AI skills unavailable in your environment. Multi-region environments and migration between regions are not supported.

However, if Enhanced Business Continuity is enabled for your environment and a failover occurs, AI skill data will be present when you return to your primary region. AI skill data isn't lost permanently in this case.

Add AI skill endpoints to your network allowlist

To ensure the AI skill is available in your environment, locate your environment's region in the table below and add the corresponding endpoints to your network allowlist. Add the endpoints that correspond to your site's region, even if you send AI skill data to a different supported region.

Designer endpoints support proper rendering of the user interface. S3 endpoints enable storage for the model and related data.

AI skills may not be available in all regions.

Region Name | Designer Endpoint | S3 Endpoint
Africa (Cape Town) | https://ai-skill-designer-af-south-1.appiancloud.com | https://appian-custom-ai-customer-af-south-1-customer-bucket.s3.af-south-1.amazonaws.com
Asia Pacific (Tokyo) | https://ai-skill-designer-ap-northeast-1.appiancloud.com | https://appian-custom-ai-customer-ap-northeast-1-customer-bucket.s3.ap-northeast-1.amazonaws.com
Asia Pacific (Seoul) | https://ai-skill-designer-ap-northeast-2.appiancloud.com | https://appian-custom-ai-customer-ap-northeast-2-customer-bucket.s3.ap-northeast-2.amazonaws.com
Asia Pacific (Mumbai) | https://ai-skill-designer-ap-south-1.appiancloud.com | https://appian-custom-ai-customer-ap-south-1-customer-bucket.s3.ap-south-1.amazonaws.com
Asia Pacific (Singapore) | https://ai-skill-designer-ap-southeast-1.appiancloud.com | https://appian-custom-ai-customer-ap-southeast-1-customer-bucket.s3.ap-southeast-1.amazonaws.com
Asia Pacific (Sydney) | https://ai-skill-designer-ap-southeast-2.appiancloud.com | https://appian-custom-ai-customer-ap-southeast-2-customer-bucket.s3.ap-southeast-2.amazonaws.com
Asia Pacific (Jakarta) | https://ai-skill-designer-ap-southeast-3.appiancloud.com | https://appian-custom-ai-customer-ap-southeast-3-customer-bucket.s3.ap-southeast-3.amazonaws.com
Canada (Central) | https://ai-skill-designer-ca-central-1.appiancloud.com | https://appian-custom-ai-customer-ca-central-1-customer-bucket.s3.ca-central-1.amazonaws.com
Europe (Frankfurt) | https://ai-skill-designer-eu-central-1.appiancloud.com | https://appian-custom-ai-customer-eu-central-1-customer-bucket.s3.eu-central-1.amazonaws.com
Europe (Zurich) | https://ai-skill-designer-eu-central-2.appiancloud.com | https://appian-custom-ai-customer-eu-central-2-customer-bucket.s3.eu-central-2.amazonaws.com
Europe (Stockholm) | https://ai-skill-designer-eu-north-1.appiancloud.com | https://appian-custom-ai-customer-eu-north-1-customer-bucket.s3.eu-north-1.amazonaws.com
Europe (Milan) | https://ai-skill-designer-eu-south-1.appiancloud.com | https://appian-custom-ai-customer-eu-south-1-customer-bucket.s3.eu-south-1.amazonaws.com
Europe (Ireland) | https://ai-skill-designer-eu-west-1.appiancloud.com | https://appian-custom-ai-customer-eu-west-1-customer-bucket.s3.eu-west-1.amazonaws.com
Europe (London) | https://ai-skill-designer-eu-west-2.appiancloud.com | https://appian-custom-ai-customer-eu-west-2-customer-bucket.s3.eu-west-2.amazonaws.com
Europe (Paris) | https://ai-skill-designer-eu-west-3.appiancloud.com | https://appian-custom-ai-customer-eu-west-3-customer-bucket.s3.eu-west-3.amazonaws.com
Middle East (UAE) | https://ai-skill-designer-me-central-1.appiancloud.com | https://appian-custom-ai-customer-me-central-1-customer-bucket.s3.me-central-1.amazonaws.com
Middle East (Bahrain) | https://ai-skill-designer-me-south-1.appiancloud.com | https://appian-custom-ai-customer-me-south-1-customer-bucket.s3.me-south-1.amazonaws.com
South America (São Paulo) | https://ai-skill-designer-sa-east-1.appiancloud.com | https://appian-custom-ai-customer-sa-east-1-customer-bucket.s3.sa-east-1.amazonaws.com
GovCloud (US-East) | https://ai-skill-designer-us-gov-east-1.appiancloud.com | https://cai-gov-customer-us-gov-east-1-customer-bucket.s3-fips.us-gov-east-1.amazonaws.com
US East (N. Virginia) | https://ai-skill-designer-us-east-1.appiancloud.com | https://appian-custom-ai-customer-us-east-1-customer-bucket.s3.us-east-1.amazonaws.com
US East (Ohio) | https://ai-skill-designer-us-east-2.appiancloud.com | https://appian-custom-ai-customer-us-east-2-customer-bucket.s3.us-east-2.amazonaws.com
US West (N. California) | https://ai-skill-designer-us-west-1.appiancloud.com | https://appian-custom-ai-customer-us-west-1-customer-bucket.s3.us-west-1.amazonaws.com
US West (Oregon) | https://ai-skill-designer-us-west-2.appiancloud.com | https://appian-custom-ai-customer-us-west-2-customer-bucket.s3.us-west-2.amazonaws.com

Note that these endpoints are only used for publicly accessible environments. They do not apply to environments accessed over VPN, PrivateLink, or Dual Access.
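One way to check the allowlist step above, as an added example that is not Appian's code: it derives the two hostnames for a site's region from the naming pattern in the endpoint table (including the GovCloud row, which differs) and counts egress-proxy denials for them. The function names, the `SAMPLE_LOG` lines and the four-field proxy log format are assumptions made for this example.

```python
# Added example: hostname patterns copied from the endpoint table on this page.
DESIGNER = "ai-skill-designer-{r}.appiancloud.com"
S3_DEFAULT = "appian-custom-ai-customer-{r}-customer-bucket.s3.{r}.amazonaws.com"
# GovCloud (US-East) is the one row with a different bucket name and a FIPS S3 host.
S3_OVERRIDES = {
    "us-gov-east-1": "cai-gov-customer-{r}-customer-bucket.s3-fips.{r}.amazonaws.com",
}
REGIONS = frozenset("""af-south-1 ap-northeast-1 ap-northeast-2 ap-south-1
ap-southeast-1 ap-southeast-2 ap-southeast-3 ca-central-1 eu-central-1
eu-central-2 eu-north-1 eu-south-1 eu-west-1 eu-west-2 eu-west-3 me-central-1
me-south-1 sa-east-1 us-gov-east-1 us-east-1 us-east-2 us-west-1
us-west-2""".split())


def allowlist_hosts(site_region: str) -> list[str]:
    """Return the Designer and S3 hostnames for the site's own region."""
    r = site_region.strip().lower()
    if r not in REGIONS:
        raise ValueError(f"region not in the endpoint table: {site_region!r}")
    s3 = S3_OVERRIDES.get(r, S3_DEFAULT)
    return [DESIGNER.format(r=r), s3.format(r=r)]


def denied_ai_skill_requests(site_region: str, log_lines) -> list[tuple[str, int]]:
    """Count proxy denials per required host (assumed log: ts action method host:port)."""
    required = set(allowlist_hosts(site_region))
    counts: dict[str, int] = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines instead of failing the audit
        action, target = fields[1], fields[3]
        host = target.rsplit(":", 1)[0].lower()  # drop the :port suffix if present
        if action == "DENIED" and host in required:
            counts[host] = counts.get(host, 0) + 1
    return sorted(counts.items())


# Constructed sample log lines for a site in eu-west-1 (not real traffic).
SAMPLE_LOG = [
    "2024-06-14T10:00:01Z ALLOWED CONNECT ai-skill-designer-eu-west-1.appiancloud.com:443",
    "2024-06-14T10:00:02Z DENIED CONNECT appian-custom-ai-customer-eu-west-1-customer-bucket.s3.eu-west-1.amazonaws.com:443",
    "2024-06-14T10:00:05Z DENIED CONNECT appian-custom-ai-customer-eu-west-1-customer-bucket.s3.eu-west-1.amazonaws.com:443",
    "2024-06-14T10:00:09Z DENIED CONNECT example.invalid:443",
]

if __name__ == "__main__":
    for host, n in denied_ai_skill_requests("eu-west-1", SAMPLE_LOG):
        print(f"{n} denied request(s) to required host {host}")
```

Pass the site's own region, not the region the data is sent to, since the page asks for the site-region endpoints in either case.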

AI service architecture

This section applies to AI Skills, the records chat component, and data fabric insights' chat capability. Learn more about private AI features.

Our AI architecture is designed with private AI as the foundation and upholds those principles.

Single region architecture

Appian's AI architecture uses a single AWS region to provide a secure and scalable AI-as-a-service solution. These capabilities are in line with the architecture of Appian Cloud deployments, which also use AWS as the provider.

Multi-region architecture

If a customer site is not located in a region that supports a feature, customers can elect to send their data to a supported region.

Note:  The email classification AI skill uses neither of these services (Amazon Bedrock or Amazon Textract).

Foundational principles

Foundational principles of our AI architecture apply to single- and multi-region implementations.

Multi-tenant AI service: Appian's multi-tenant AI service is shared among multiple customers in a given region and has multiple layers of control to restrict data access to respective customer sites. The service has site-level controls to restrict data access and encryption/decryption permissions, whether that distinction is a separate customer site or a separate site within a single customer's environment. This shared service approach allows for economies of scale.

Data transit and retention:

  • All of your data stays within the Appian Cloud environment.
  • All data in transit is encrypted using TLS.
  • Communication between Appian and the AI service uses asymmetric signing where each customer site has a unique key used to verify its identity.
  • Communication between the AI service, Amazon Bedrock, and Amazon Textract uses AWS Signature V4 authentication to verify the identity of the requesting service.
  • Bedrock and Textract are stateless, so no information is retained.

Learn more about Amazon Bedrock.

Learn more about Amazon Textract.

Document classification and extraction

The document classification and document extraction AI skills use Amazon Textract to recognize the content within the documents.

When the ML model is called during training, testing, or process execution, the associated documents are uploaded to an S3 bucket. The documents are kept in the same region as the customer site.

Additionally, the bucket is:

  • Encrypted using keys specific to each customer site
  • Segmented for each customer site
  • Not accessible by application developers or users

Note:  If the documents to be classified or extracted contain protected data, that data is required in order to use the extraction and classification features. Before using these AI skills, customers can use other mechanisms to redact protected data that is considered proprietary, sensitive, or confidential, as well as data containing PII/PHI, in accordance with their organization's policies.

All data used for a model, both at training and at execution, is retained until the AI skill is deleted. The model package is deleted when the AI skill object is deleted.

When a user submits a reconciliation task after document extraction, the updated key-value pair mappings are stored entirely within the application on the customer's site.

Learn how document extraction works in Appian.

Records chat

Users can only chat with records they have access to. Record-level security is the responsibility of the customer to develop and maintain. No records data is retained in either the AI service or Bedrock due to their stateless nature.

Built: Fri, Jun 14, 2024 (05:47:37 PM)