New Compliance and Administrative Tools for ChatGPT Enterprise

OpenAI has introduced a suite of new compliance and administrative tools for ChatGPT Enterprise, aimed at enhancing data security, supporting compliance programs, and streamlining user access. The announcement follows the successful adoption of ChatGPT Enterprise by organizations such as Boston Consulting Group, PwC, Los Alamos National Laboratory, Moderna, Lowe’s, BBVA, and Western and Southern Financial Group.

Enhanced Compliance and Data Security

OpenAI has launched an Enterprise Compliance API and eight integrations with leading eDiscovery and Data Loss Prevention (DLP) companies. These tools are designed to help organizations in regulated industries, such as finance, healthcare, legal services, and government, meet logging and audit requirements.

The Enterprise Compliance API allows workspace owners to audit and manage their ChatGPT Enterprise workspace data efficiently. It provides a detailed record of time-stamped interactions, including conversations, uploaded files, GPT configurations, memories, and workspace users. Additionally, third-party compliance integrations offer capabilities like archiving, audit trails, data redaction and retention, and policy enforcement.

The following providers support a range of compliance-related activities:

• Forcepoint

• Global Relay

• Microsoft Purview

• Netskope

• Palo Alto Networks

• Relativity

• Smarsh

• Zscaler

These integrations assist ChatGPT Enterprise customers in meeting compliance requirements for regulations like FINRA, HIPAA, and GDPR, preparing for legal proceedings, and monitoring and deleting sensitive data.

Automated User Management

Starting next week, OpenAI will roll out SCIM (System for Cross-domain Identity Management), allowing admins to sync internal employee directories with their ChatGPT Enterprise workspace. This will enable programmatic provisioning and deprovisioning of user accounts, ensuring accurate and up-to-date user access across systems.

SCIM will support custom configurations and most company directories, including Okta Workforce, Microsoft Entra ID, Google Workspace, and Ping. Currently in beta, SCIM will be broadly available next week, and ChatGPT Enterprise customers can reach out to their OpenAI account team for more information.

Expanded GPT Controls

Enterprise workspace admins now have more precise control over GPTs—custom versions of ChatGPT configured with natural language instructions, file uploads, and actions. New settings allow admins to create an approved list of specific domains for more granular control over GPT actions, ensuring interactions with approved services while restricting others.

Admins also have access to:

• Group permissions: Control GPT access and permissions within user groups.

• Comprehensive GPT settings: Manage GPT sharing permissions, view configurations, remove GPTs, transfer ownership, and set global capabilities.

• Third-party GPT controls: Approve specific third-party GPTs or set global controls to allow or restrict external GPTs.

These controls enable more personalized outputs and interactions with other systems while ensuring safe access to GPTs.

Supporting Secure AI Deployments at Scale

OpenAI continues to invest in enterprise security, offering robust data privacy, security, and admin controls with ChatGPT Enterprise. Key features include:

• No use of customer data or metadata for training models

• Data encryption at rest and in transit

• Custom data retention window

• Single Sign-On (SSO) and domain verification

• CCPA, CSA STAR, and SOC 2 Type 2 compliance

OpenAI invites interested organizations to learn more about ChatGPT Enterprise to partner on AI strategy, use case development, and workforce enablement by contacting their sales team. These tools are also available in ChatGPT Edu, providing an accessible AI option for universities.