Vendor & Model Due Diligence is the comprehensive assessment process applied when selecting AI vendors, tools, or pre-trained models. This includes evaluating vendor security certifications (ISO 27001, SOC 2), understanding how vendors handle your data (retention, processing location, access controls), assessing model transparency through documentation like model cards (training data, known limitations, bias testing), reviewing contract terms (data ownership, liability, exit provisions), understanding model provenance (where training data came from), and planning for vendor lock-in risks.
When procuring AI, you’re often entrusting sensitive data to third parties and relying on “black box” systems whose inner workings may be opaque. Inadequate due diligence can lead to security breaches, compliance violations, unexpected costs, or dependency on vendors with poor practices. This dimension evaluates your due diligence processes.
Why It Matters
Inadequate vendor due diligence can lead to security breaches, compliance violations, and vendor lock-in.
Maturity Levels
| Basic | Standard | Advanced | Leading |
|---|---|---|---|
| No formal vendor checks; tools adopted without security or compliance review. | Vendor certifications (e.g., ISO 27001, SOC 2) reviewed during procurement. | Comprehensive due diligence including model cards, data provenance, and contract terms. | Ongoing vendor management throughout the AI lifecycle, with regular audits and performance reviews. |
See This in Practice
🦺 AI Safety Monitoring
Phase 1 details comprehensive vendor evaluation: reviewing construction-specific model capabilities, assessing security certifications, understanding data handling, evaluating model transparency, and negotiating contract terms before selection.
View case study →
Energy⚡ Grid Optimization
Shows model selection rigor: evaluating forecasting model performance, reviewing training data provenance, assessing vendor resilience for critical infrastructure, and establishing ongoing model monitoring and vendor management processes.
View case study →
📥 Related Resources & Templates
Downloadable templates, examples, and frameworks to help you implement this dimension.
Model Card
PremiumStandardized model card template for documenting AI model capabilities, limitations, training data, and performance characteristics.
Vendor Due Diligence Report
PremiumComprehensive template for conducting due diligence on AI vendors, including security, compliance, and capability assessment.
Certification Evidence Tracker
PremiumTemplates for documenting and tracking vendor certifications, compliance evidence, and audit documentation.