AI Vendor Security Due Diligence Questionnaire Builder
Create a tailored security and risk questionnaire for evaluating AI vendors before procurement or legal review.
Prompt Template
Act as a security-conscious procurement lead. Build an AI vendor due diligence questionnaire for evaluating [vendor name or vendor type].

Use case: [chatbot / analytics / coding assistant / document processing / customer support AI]
Data sensitivity: [low / moderate / high / regulated]
Deployment model: [SaaS / API / on-prem / hybrid]
Buyer concerns: [PII handling, model training on customer data, access controls, audit logs, sub-processors, data residency]
Stakeholders: [security, legal, IT, procurement, business owner]

Create:
1. **A questionnaire** grouped by security, privacy, compliance, AI governance, reliability, and commercial risk
2. **Mandatory vs nice-to-have criteria**
3. **Red flag answers** that should trigger escalation
4. **Scoring guidance** for comparing multiple vendors
5. **A short executive summary template** for the final recommendation

Keep the questions practical and specific enough to send directly to a vendor security contact.
Example Output
Security Section
1. Do you use customer prompts, files, or metadata to train foundation models by default? If yes, describe opt-out controls.
2. What admin roles exist, and can access be restricted with SSO and SCIM?
3. Are audit logs exportable for security investigations?
Red Flags
- Vendor cannot state where customer data is stored
- No documented subprocessors or incident notification window
- No way to disable training on customer content
Scoring Guidance
- Security and privacy: 40%
- Reliability and support: 20%
- Governance and contractual protections: 25%
- Cost and implementation risk: 15%
Tips for Best Results
- State whether regulated data is in scope, because that changes the questionnaire substantially
- Include any internal security policies so the output maps to real review gates
- Ask for a one-page executive summary if leadership only wants a recommendation memo
- Request separate questions for pilots versus full production rollouts when needed