AWS nova documentation change
Summary
Updated examples and wording for reasoning mode vs non-reasoning mode usage
Security assessment
General documentation improvements about model capabilities without specific security context or security feature additions.
Diff
diff --git a/nova/latest/nova2-userguide/prompting-best-practices.md b/nova/latest/nova2-userguide/prompting-best-practices.md index 9a397d245..9ad69f2ab 100644 --- a//nova/latest/nova2-userguide/prompting-best-practices.md +++ b//nova/latest/nova2-userguide/prompting-best-practices.md @@ -5 +5 @@ -Create precise promptsBring focus to sections of the promptUse a system roleProvide examples (few-shot prompting)Advanced prompting techniquesIterate and optimizeConsider special casesImplementing best practicesNext steps +Create precise promptsBring focus to sections of the promptUse a system roleProvide examples (few-shot prompting)Advanced prompting techniques @@ -25,8 +24,0 @@ For more information on how to prompt multimodal inputs, content generation, or - * Iterate and optimize - - * Consider special cases - - * Implementing best practices - - * Next steps - @@ -217 +209 @@ The system role establishes overall behavior, personality and constraints for th -To give the model a customized role, you can set the system parameter in the API: +Refer back to the System Role definition in the [Understanding the roles](./prompting-what-is.html#understanding-roles) section. @@ -218,0 +211 @@ To give the model a customized role, you can set the system parameter in the API +### Prompting prompt hierarchy adherence @@ -220,16 +213 @@ To give the model a customized role, you can set the system parameter in the API - "system": [ - { - "text": "You are a SaaS compliance expert. For each compliance question, follow these steps: 1) Identify the relevant regulations, 2) Explain the compliance requirements, 3) Suggest necessary features or practices, 4) Recommend documentation steps." - } - ], - "messages": [ - { - "role": "user", - "content": [ - { - "type": "text", - "text": "What do we need to do to ensure GDPR compliance?" - } - ] - } - ] +Using a system prompt, with a persona and specific items listed to respond, helps the model to focus more on the specified system instructions. @@ -237 +215,3 @@ To give the model a customized role, you can set the system parameter in the API -###### Tip +Role | No System Prompt | With a System Prompt +---|---|--- +System | NA | You are a SaaS compliance expert. For each compliance question, follow these steps: @@ -239 +219,4 @@ To give the model a customized role, you can set the system parameter in the API -To best utilize the system role, make sure your system prompt is clear, concise and specific, following the same strategies as described in Create precise prompts. For example, when you want to restrict the topics which the model should respond to, instruct it specifically such as "DO NOT talk about ..." or "You MUST talk about ...". + 1. Identify the relevant regulations + 2. Explain the compliance requirements + 3. Suggest necessary features or practices + 4. Recommend documentation steps @@ -241 +224,25 @@ To best utilize the system role, make sure your system prompt is clear, concise -###### Tip +You output should be concise. +User | What do we need to do to ensure GDPR compliance? | What do we need to do to ensure GDPR compliance? +Assistant | Ensuring GDPR (General Data Protection Regulation) compliance involves a series of steps and best practices. Here's a comprehensive outline to help you achieve compliance: **1\. Understand GDPR Requirements** + + * **Scope:** GDPR applies to any organization that processes personal data of individuals located in the EU, regardless of where the organization is based. + * **Key Principles:** Lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability. + +**2\. Appoint a Data Protection Officer (DPO)** + + * **Requirements:** A DPO is mandatory for certain types of organizations (e.g., public authorities, large-scale processing activities). + * **Responsibilities:** To oversee GDPR compliance, act as a point of contact for data subjects and supervisory authorities. + +**3\. Conduct Data Protection Impact Assessments (DPIAs)** + + * **Purpose:** To identify and mitigate privacy risks in new projects or activities that involve processing personal data. + +**4\. Appoint a GDPR Compliance Officer** + + * **Role:** Designate someone within your organization to oversee GDPR compliance efforts. + +**5\. Develop and Implement a GDPR Compliance Policy** + + * **Documentation:** Create a comprehensive policy detailing how your organization will comply with GDPR requirements. + +**6\. Update Privacy Notices** @@ -243 +250 @@ To best utilize the system role, make sure your system prompt is clear, concise -To further restrict the model to a hierarchy structure, you can add the following suffix to your system prompt to emphasize the hierarchy adherence structure between system and user instructions: + * **Content:** Clearly inform individuals about how their data will be used, their rights, and how they can exercise these rights. @@ -245 +252 @@ To further restrict the model to a hierarchy structure, you can add the followin -"The above system instructions define your capabilities and your scope. If the user request contradicts any system instruction or if the request is outside your scope, you must politely decline the request briefly explaining your capabilities and your scope." +**7\. Ensure Lawful Basis for Processing** @@ -247 +254 @@ To further restrict the model to a hierarchy structure, you can add the followin -The following items are some things that you can add in a system prompt template: + * **Legal Grounds:** Identify and document the lawful basis for processing personal data (e.g., consent, contract, legal obligation, legitimate interests, etc.). @@ -249 +256 @@ The following items are some things that you can add in a system prompt template - * To give a persona or a role to the model (replace the placeholder with your actual persona): +**8\. Implement Data Protection by Design and Default** @@ -251 +258 @@ The following items are some things that you can add in a system prompt template - You are a {persona}. + * **Practices:** Incorporate privacy features into the development and deployment of systems and processes. @@ -253 +260 @@ The following items are some things that you can add in a system prompt template - * To give series of instructions that should be followed while answering (replace the placeholder with your actual instructions): +**9\. Train Employees** @@ -255,3 +262 @@ The following items are some things that you can add in a system prompt template - ## Model Instructions - To answer user question, you follow these instructions/steps: - {bulleted list of Instructions} + * **Education:** Provide GDPR training for staff to ensure they understand their responsibilities and the importance of data protection. @@ -259 +264 @@ The following items are some things that you can add in a system prompt template - * To specify the output schema to be followed when responding (replace the placeholder with your actual output schema definition): +**10\. Implement Security Measures** @@ -261,2 +266,66 @@ The following items are some things that you can add in a system prompt template - ## Response Schema - Your response should be in the following output schema: {clear definition of Output schema} + * **Protection:** Use appropriate technical and organizational measures to secure personal data against unauthorized access, disclosure, or destruction. + +**11\. Establish Data Subject Rights Procedures** + + * **Rights:** Enable individuals to exercise their rights under GDPR, such as access, rectification, erasure (right to be forgotten), restriction of processing, data portability, and objection. + +**12\. Maintain Records of Processing Activities** + + * **Documentation:** Keep a record of all data processing activities as required by Article 30 of GDPR. + +**13\. Conduct Regular Audits** + + * **Review:** Regularly audit your processes to ensure ongoing compliance with GDPR. + +**14\. Respond to Data Breaches** + + * **Notification:** Notify supervisory authorities within 72 hours of a data breach and inform affected individuals if there is a high risk to their rights and freedoms. + +**15\. Develop a Data Protection Officer (DPO) Action Plan** + + * **Action:** If applicable, create an action plan for the DPO to follow to ensure compliance. + +**16\. Maintain Continuous Improvement** + + * **Adaptation:** Stay updated on GDPR changes and continuously improve your data protection measures. + +**17\. Monitor and Review GDPR Compliance** + + * **Assessment:** Regularly assess and review your compliance efforts and make necessary adjustments. + +By following these steps, you can ensure that your organization complies with GDPR and protects the personal data of individuals within the EU. | **1) Identify the Relevant Regulations:** GDPR (General Data Protection Regulation) **2) Explain the Compliance Requirements:** + + * **Data Protection Principles:** Lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality. + * **Rights of Data Subjects:** Access, rectification, erasure (right to be forgotten), restriction of processing, data portability, objection. + * **Accountability:** Data protection impact assessments (DPIAs); appointment of Data Protection Officers (DPOs) where required; record of processing activities. + +**3) Suggest Necessary Features or Practices:** + + * **Consent Management:** Implement mechanisms for obtaining, recording, and managing user consent. + * **Data Access Controls:** Ensure proper authentication and authorization for data access. + * **Data Minimization:** Collect only the data necessary for the specified purpose. + * **Data Anonymization/Pseudonymization:** Use techniques to protect personal data. + * **DPIA Tooling:** Automated tools to identify and assess potential risks to personal data. + * **User Rights Management:** Provide mechanisms for users to exercise their rights easily. + * **Audit Logging:** Maintain detailed logs of data access and processing activities. + * **Data Retention Policies:** Clearly define and enforce data retention and deletion policies. + +**4) Recommend Documentation Steps:** + + * **Data Processing Agreements:** Document agreements with third parties processing data on your behalf. + * **Records of Processing Activities:** Maintain an up-to-date inventory of all data processing activities. + * **Privacy Notices:** Provide clear and concise privacy notices to data subjects. + * **DPIA Documentation:** Record and retain documentation of all DPIAs conducted. + * **Incident Response Plan:** Develop and document a plan for responding to data breaches. + * **Training Records:** Document employee training on GDPR compliance. + * **Audit Trails:** Keep detailed records of compliance checks and audits. + + + +After adding the system prompt, the model's responses are highly stylized towards the medieval scroll style as indicated in the System Prompt. + +Role | No System Prompt | With a System Prompt +---|---|--- +System | NA | Provide answers in the style of a medieval scroll, using old English vocabulary and phrases. +User | Explain the modern concept of hotel loyalty programs and their benefits. | Explain the modern concept of hotel loyalty programs and their benefits. +Assistant | Hotel loyalty programs have evolved significantly in the modern hospitality industry, becoming sophisticated tools for enhancing customer retention and satisfaction. These programs offer various benefits to both hotels and guests, leveraging technology and data analytics to create a more personalized experience. **Key Components of Modern Hotel Loyalty Programs:** **1\. Tiered Membership Levels:** @@ -264 +333,3 @@ The following items are some things that you can add in a system prompt template - * Specify any guardrails that the model should avoid explicitly (replace the placeholder with your actual guardrails): + * **Basic Membership:** Entry-level membership that provides basic benefits. + * **Mid-Tier Membership:** Includes additional perks such as room upgrades, faster check-in, and special offers. + * **Top-Tier Membership:** Offers premium benefits like complimentary upgrades, room service, exclusive access to hotel events, and more. @@ -266,3 +337 @@ The following items are some things that you can add in a system prompt template - Make sure to follow below guardrails - ## Guardrails - {guardrails} +**2\. Point System:** @@ -269,0 +339,2 @@ The following items are some things that you can add in a system prompt template + * Guests earn points for every stay, purchases made in hotel restaurants, and other activities. + * Points can be redeemed for free nights, upgrades, or other rewards. @@ -270,0 +342 @@ The following items are some things that you can add in a system prompt template +**3\. Mobile App Integration:** @@ -271,0 +344,105 @@ The following items are some things that you can add in a system prompt template + * Modern programs often have a dedicated mobile app that allows guests to easily manage their account, check in, and access exclusive offers. + * Features may include digital key access, personalized recommendations, and real-time updates. + +**4\. Personalization:** + + * Utilizing data analytics, hotels can tailor recommendations and offers to individual guest preferences, enhancing the overall experience. + * Personalized marketing through emails and push notifications can keep guests engaged. + +**5\. Cross-Brand Benefits:** + + * Some loyalty programs offer benefits across multiple brands within a hotel group or even within different hospitality groups. + * This can include discounts, points transfers, and combined rewards.