AI & Emerging Technology Policy 

March 2026 

 

We’re excited about the opportunities AI brings to our clients. At the same time, new tools are entering the market faster than security and privacy standards can keep up. Our goal is not to slow adoption, but to ensure that the tools your team relies on are working for you without putting your organization at risk. This policy outlines where Campfire’s responsibilities as your MSP begin and end with respect to AI and third-party tools. 

​

Your Responsibility: Vetting and Authorization 

The decision to adopt or permit any third-party application, including AI tools such as Microsoft Copilot, ChatGPT, Google Gemini, or Claude, is solely the client’s responsibility. This means your team is responsible for evaluating how those tools handle, store, and transmit your organization’s data, and ensuring they meet your standards for privacy, security, and compliance. 

 

Think of it this way: just as we’re not design experts or QuickBooks consultants, we’re not AI platform specialists. We’re your IT infrastructure and security partner. We can deploy a tool, but understanding how it works and deciding to use it sits with your team. 

​

What Campfire Will Support 

• Installing and deploying approved applications in your managed environment. 

• Vendor-built connectors and integrations that are native to the app (e.g., Copilot built into Microsoft 365). 

• General security best practices and configuring user access and permissions. 
   

What Falls Outside Managed Services 

• Custom AI development, prompt engineering, or workflow automation design. 

• Software engineering, code review, or security auditing of AI tools. 

• Troubleshooting AI-specific behaviour, output accuracy, or model performance. 

• Third-party plugins, marketplace add-ons, or custom API integrations not built into the app by its vendor. 
   

 

Any AI-related deep dive, assessment, strategy session, or implementation consulting is a Professional Services engagement and will be scoped and billed separately from your managed services agreement. 

 

This includes AI readiness assessments, platform evaluations, governance policy development, risk assessments, custom tool configurations, and team training. Reach out to your account manager, and we’ll scope it to your needs. 

 

A Word on Agentic AI 

Agentic AI tools, those that can autonomously send emails, modify files, access databases, or interact with other systems, deserve extra caution. Unlike traditional software, they can take actions with little or no human oversight. Risks include: 

• Unauthorized access to or exposure of sensitive data. 

• Unintended changes to files, records, or system configurations. 

• Confidential information being sent to external AI providers. 

• Actions that violate compliance requirements without the user’s knowledge. 
   

We strongly recommend applying the principle of least privilege and maintaining human oversight of any autonomous AI actions. 

 

Limitation of Liability 

Campfire is not responsible for any data breach, privacy violation, security incident, or compliance issue arising from the client’s use of third-party AI tools and services. 

To be direct: if your team deploys an AI tool and something goes wrong, that liability does not fall on Campfire. We’re here to help prevent those situations, and we encourage you to loop us in early; however, the responsibility for choosing and authorizing tools rests with the client. 

​

​

​We welcome the chance to help you navigate AI safely. Please loop us in before introducing new tools so we can flag risks and ensure compatibility.