AI governance guide
AI Vendor Risk Questions
Board and leadership questions for reviewing AI vendors, contracts, data handling, model changes, security and dependency risk.
Guide
Practical board-level starting point.
AI vendor risk starts with data. Leaders should know what data the vendor receives, whether it can be retained, whether it trains models and where it is processed.
Boards should ask how vendor tools are tested, what happens when models change, what assurances are contractual and what exit options exist if the tool becomes unsuitable.
Vendor review should also include security, confidentiality, auditability, service continuity, liability and whether the organisation has become too dependent on one provider.
Next steps
Turn the guide into action.
Board AI Readiness Scorecard · AI Use Case Risk Classifier · AI Policy Generator