It’s Monday. 9 February 2026. A video call. Nine people. Not a crisis meeting, not a deadline scramble - a training session on data classification. Voluntary attendance. Every single person showed up. That fact alone tells you something. Not about the topic. About the team.
The Conversation That Gets Skipped
Most public discourse about AI follows a well-worn path: risk, harm, bias, hallucination, data exposure, job displacement, regulation. All valid. All necessary. But somewhere in that noise, a quieter conversation has gone missing - the one about what AI can actually do when used with intention, structure, and care.
Not breathless futurism. Not a vendor pitch. The real, grounded, specific good that becomes possible when a team decides to use these tools responsibly.
That is the conversation we chose to have on a Monday morning.
What Happened in the Room
I walked the team through five data classification levels. Public data at one end. Strictly Confidential at the other. For each level, a clear set of rules: where it can go, who can access it, which AI systems are permitted to process it.
Then a four-question decision tree. Every time someone handles client data, four questions. That is it. Four questions that determine whether the data touches a consumer AI product, a commercial API with contractual protections, or nothing at all.
Our BI developer did a live demonstration - classifying a real scenario: looking up the word “attestation” using a consumer-tier AI tool. Harmless. Public information. No client data involved. The point was to show that the classification system is not about prohibition. It is about clarity. Some things are fine. Some things need a commercial contract. Some things do not touch AI at all.
Then two team members practised together: a client CRM export, personally identifiable information, commercial relationships. The kind of data that, without clear classification, could end up in a system that trains on it, stores it indefinitely, or exposes it to third parties.
Questions came from around the team. It was 40 minutes of people genuinely caring about getting this right.
Without clear classification, we risk sending client data to systems that may train on it, store it indefinitely, or expose third parties.
Every team member signed an attestation via DocuSign before the session closed. Not because we forced compliance. Because they understood why it matters.
Why “AI for Good” Is Not a Slogan
The phrase has been co-opted by marketing departments and conference keynotes until it barely means anything. Let me reclaim it with specifics.
In pharmaceutical consulting, “AI for Good” means:
Better data classification protects patient privacy. When a pharmaceutical company shares sales data with us, that data can include prescriber information, territory breakdowns, and patient volume indicators. Knowing exactly which AI systems can process that data - and which cannot - is not a compliance checkbox. It is a direct line to patient trust.
Faster analysis reaches the right medicines to the right patients sooner. We use AI to analyse market dynamics, competitive positioning, and territory intelligence. Under proper governance, this work compresses timelines from weeks to days. That speed matters when the outcome is a medicine reaching a shelf where someone needs it.
Automated compliance reduces human error in regulated environments. Our systems run 872 automated tests. Not because automation is fashionable. Because a human reviewing 872 scenarios will miss things. A machine will not. In pharmaceutical work, what gets missed can have real consequences.
Territory intelligence improves healthcare access mapping. Our Her-Zone platform maps healthcare facilities across South Africa. AI helps identify gaps - areas where pharmacies are under-served, where doctors are concentrated in some regions and absent in others. That intelligence shapes how pharmaceutical companies deploy their field forces. Done well, it means better access. Done carelessly, it means nothing.
AI-powered training reaches more healthcare professionals. Our training systems have delivered content to pharmaceutical sales teams across the country. AI helps generate, verify, and personalise that content. Every module that helps a rep understand a medicine better is a module that helps a patient receive better care.
This is not abstract. This is Tuesday.
The Helsinki Frame
The University of Helsinki runs an internationally recognised programme on the Ethics of AI. It covers the expected ground: bias, fairness, transparency, accountability. It also covers something that gets less attention: AI as a tool for human flourishing.
That phrase stopped me when I first encountered it. Human flourishing. Not human replacement. Not human surveillance. Flourishing.
I mentioned the Helsinki programme to the team during the session. We are pursuing it as a group. Not because a client demanded it. Because the framework aligns with how we already think about this work.
Ethics as a starting position, not an afterthought. Classification as the first step, not the last. Governance as something that enables speed, not something that slows it down.
The Commercial Advantage of Governance
Very few companies in South Africa take this specific step: signing a commercial contract with an AI provider that includes data processing guarantees, zero-training clauses, and audit rights. It is part of our commercial advantage and it brings real value to clients operating in governed environments.
The Numbers Behind the Words
Words are easy. Here is what sits behind ours.
42 critical controls govern how we handle data, deploy code, process client information, and interact with AI systems. Each control has a specific owner, a specific enforcement mechanism, and a specific consequence for violation.
Our security posture scored 110 out of 100 on the Mozilla Observatory. That is not a typo. The scoring system awards bonus points for headers and configurations that go beyond the baseline. We implemented all of them.
We are pursuing ISO 27001. Our POPIA posture sits at 80%, with a registered Information Officer (Registration No. 2026-001668). The remaining 20% is active work, not aspiration.
872 automated tests run on every deployment. If a single test fails, the code does not ship. No exceptions. No overrides.
What This Looks Like for Clients
If you are a pharmaceutical company evaluating partners for commercial intelligence, territory analysis, or training, here is what this means in practice:
Your data will be classified before it touches any system. Every AI interaction involving your information will occur within a commercially contracted environment with zero-training guarantees. Every team member who handles your data has been trained on classification protocols and has signed an attestation confirming their understanding.
This is not a future state. This is today.
For the Industry
Most pharmaceutical consulting firms will eventually get here. Regulation will require it. Client procurement will demand it. Insurance will incentivise it.
The question is whether you arrive because you were forced to, or because you chose to.
We chose Monday morning.
Nine people. A Monday. No mandate. Just a shared understanding that responsible AI is not a department or a document. It is a decision made by every person who touches the work.
A Final Note
This article is not a claim that we have solved AI ethics. We have not. Nobody has. The field moves faster than any governance framework can fully contain.
What I can say is this: we started. We classified. We trained. We signed. We built the infrastructure. We wrote the tests. We measured the results.
And then we showed up on a Monday to make sure everyone understood why.
That is not everything. But it is not nothing either.
The same discipline that governed that Monday session is what sits underneath everything we build, and it is only as good as the controls around it.
Dieter Herbst is CEO of Herbst Group, a pharmaceutical consulting firm based in South Africa. Herbst Group provides sales force effectiveness, commercial intelligence, and AI-governed data services to pharmaceutical companies across the region.
