Procurement
Operational controls for procurement — with maturity levels, evidence requirements, and implementation guidance.
Not sure where to start? Answer 3 questions and get a tailored compliance action plan.
What applies to me? →5 controls matching filters
Vendor AI Incident Notification Requirements
Require AI vendors to notify the organization of incidents affecting their AI systems within defined timeframes and with specified information.
Vendor Governance Change Monitoring
Monitor material changes to AI vendors' governance structures, safety leadership, and organizational policies that may affect the risk profile of deployed systems.
AI Vendor Financial Stability Assessment
Assess the financial stability and organizational viability of AI vendors as part of vendor selection and periodic due diligence, applying criteria calibrated to the current market environment including consolidation pressure, regulatory cost exposure, and dependence on continued investor funding.
AI Safety Index and Benchmark Monitoring
Track external AI safety indices, benchmark ratings, and third-party evaluation results for AI vendors and models used by the organization, and incorporate material findings into the vendor risk assessment and re-assessment cycle.
AI Platform Conflict-of-Interest Assessment
Assess and manage conflicts of interest that arise when an AI vendor both develops or deploys AI models and provides the oversight tooling, monitoring, or safety evaluation services used to govern those same models, ensuring governance decisions are not structurally dependent on vendor-controlled inputs.
