← All controls
PRC
Procurement
Operational controls for procurement — with maturity levels, evidence requirements, and implementation guidance.
3 controls matching filters
PRC-001
medium
AI Vendor Due Diligence
Assess AI vendors against security, governance, and compliance criteria before procurement and at defined intervals during the vendor relationship.
PRC-002
medium
AI Contractual Requirements
Define minimum contractual provisions that must be present in agreements with AI vendors, covering data handling, transparency, audit rights, and incident notification.
PRC-005
medium
AI Procurement Risk Assessment
Assess and document the risks of procuring an AI system or service before approval, including technical, legal, privacy, and operational risks.