Glossary term
Governance and Compliance
The process of identifying, assessing, and monitoring third-party AI providers and AI-enabled vendors. It covers security, privacy, model behavior, data use, performance, contractual rights, regulatory exposure, and exit options. Vendor risk processes should distinguish AI-specific risks from general IT and information-security questions.
The Shared Assessments SIG questionnaire added AI sections in 2024 to support third-party AI due diligence at scale.
OneTrust, ProcessUnity, and ServiceNow Vendor Risk Management offer AI-specific risk modules for enterprises.
FS-ISAC published its Generative AI Vendor Evaluation and Qualitative Risk Assessment Tool in 2024 for financial services third-party AI review.