Secure Controls Framework
Download The SCF
AI Governance

How do I assess AI vendor risk?

Direct Answer

AI vendor risk assessment should cover the vendor's data handling practices, model training methodology, bias testing results, security certifications (such as SOC 2 or ISO 27001), incident response capabilities, and contractual protections. Ask vendors for a system card or model card describing model inputs, outputs, and known limitations. The SCF includes vendor management controls that extend to AI service providers.

Keep Exploring

Relevant Resources

References

Authoritative Sources