While vendor relationships can deliver value, they can also expose an organization to organizational, cyber, and business continuity risks.
A third-party AI vendor risk assessment allows an organization to determine the most likely effects of uncertain events, and then identify, measure, and prioritize them. Potential risks include the accuracy and reliability of operational, customer, and financial information; security breaches; operations effectiveness; and legal and regulatory compliance. By performing due diligence on and monitoring of vendors (particularly those that impact your operations), an organization can address those risks and provide a solid foundation for productive relationships, which builds stakeholder trust.
Completing a high-level risk analysis of the AI product or service by categorizing risk across five domains:
A flexible, high-level risk analysis can be conducted to avoid a standardized approach to due diligence. An organization may use the initial risk analysis to guide its efforts to develop an appropriate due diligence plan based on the organization’s risk appetite/risk tolerance and use case for AI.
An internal stakeholder questionnaire can be provided with a fixed set of questions. The questionnaire is not influenced by the risk analysis and instead may be used to supplement or influence the risk analysis if conducted first. The vendor questionnaire should be dynamic, created according to the recommended due diligence plan (the outcome of the initial risk analysis).
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128