# Vendor Risk Assessment for AI

## AI-Specific Vendor Assessment Questions
Add these to your existing vendor risk questionnaire:
### Data Handling
- Where is inference data processed and stored?
- Is data used to train or improve the vendor's models?
- Can data retention be configured or disabled?
- What encryption is applied to data in transit and at rest?
- How is multi-tenant isolation implemented?
### Model Security
- How are models protected against adversarial attacks?
- What red teaming has been performed on the model?
- How frequently are models updated, and is there a changelog?
- What safety evaluations and benchmarks are published?
- How are model weights and serving infrastructure secured?
### Compliance
- What certifications does the vendor hold? (SOC 2, ISO 27001, etc.)
- Does the vendor support GDPR data subject access requests?
- Where is data geographically processed?
- Is there a Data Processing Agreement (DPA) available?
- How does the vendor handle government data access requests?
### Operational
- What is the SLA for API availability?
- What notice is given before model version changes?
- Is there a model deprecation policy?
- What rate limits apply, and how are they enforced?
- What incident notification commitments exist?
## Vendor Comparison Matrix
| Factor | OpenAI | Anthropic | Google (Vertex AI) | Self-hosted (Llama) |
|---|---|---|---|---|
| Data used for training? | Opt-out available (API) | No (API) | Configurable | N/A — your control |
| SOC 2 | Yes | Yes | Yes | N/A |
| Data residency options | Limited | Limited | Multi-region | Full control |
| Model versioning | Dated snapshots | Dated snapshots | Versioned | Full control |
| Outage impact | Their downtime = yours | Same | Same | Your infra = your responsibility |
| Cost predictability | Per-token | Per-token | Per-token | Fixed infra cost |