AI Vendor Security Due Diligence Questionnaire Builder

Create a tailored security and risk questionnaire for evaluating AI vendors before procurement or legal review.

Prompt Template

Act as a security-conscious procurement lead. Build an AI vendor due diligence questionnaire for evaluating [vendor name or vendor type].

Use case: [chatbot / analytics / coding assistant / document processing / customer support AI]
Data sensitivity: [low / moderate / high / regulated]
Deployment model: [SaaS / API / on-prem / hybrid]
Buyer concerns: [PII handling, model training on customer data, access controls, audit logs, sub-processors, data residency]
Stakeholders: [security, legal, IT, procurement, business owner]

Create:
1. **A questionnaire** grouped by security, privacy, compliance, AI governance, reliability, and commercial risk
2. **Mandatory vs nice-to-have criteria**
3. **Red flag answers** that should trigger escalation
4. **Scoring guidance** for comparing multiple vendors
5. **A short executive summary template** for the final recommendation

Keep the questions practical and specific enough to send directly to a vendor security contact.

Example Output

Security Section

1. Do you use customer prompts, uploaded files, model outputs, or metadata to train or fine-tune any model (your own or a third party's) by default? If yes, describe the opt-out mechanism, whether opting out also covers data already collected, and how long such data is retained.

2. What admin and user roles exist, is role-based access enforced on every interface (UI and API), and do you support SSO (SAML or OIDC) for authentication and SCIM for automated provisioning and deprovisioning?

3. Are audit logs (admin actions, data access, API calls) exportable for security investigations, for example via an API or SIEM integration, and how long are they retained?

Red Flags

- Vendor cannot state where customer data is stored

- No documented sub-processor list or defined incident notification window

- No way to disable training on customer content

Scoring Guidance

- Security and privacy: 40%

- Reliability and support: 20%

- Governance and contractual protections: 25%

- Cost and implementation risk: 15%
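Once reviewers have rated each vendor per category, the weights above, the mandatory criteria and the red flags can be applied mechanically so that a strong raw score never hides a disqualifying answer. The following Python is an added example, not part of the page or any vendor's tooling; the 0-5 rating scale, the mandatory criterion names (sso_and_scim, training_opt_out), the rule that a failed mandatory criterion disqualifies while a red flag only escalates, and the three vendor assessments are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

# Category weights taken from the scoring guidance above; they sum to 100.
WEIGHTS = {
    "security_privacy": 40,
    "reliability_support": 20,
    "governance_contract": 25,
    "cost_implementation": 15,
}

# Red-flag answers listed above. Any one of them escalates the review
# (assumed handling: escalation pauses ranking but does not disqualify).
RED_FLAGS = {
    "data_location_unknown": "Vendor cannot state where customer data is stored",
    "no_subprocessor_list": "No documented sub-processors or incident notification window",
    "no_training_opt_out": "No way to disable training on customer content",
}


@dataclass
class VendorAssessment:
    name: str
    scores: dict            # category -> 0..5 rating from the reviewers (assumed scale)
    mandatory_met: dict     # mandatory criterion name -> True/False (assumed names)
    red_flags: set = field(default_factory=set)   # keys of RED_FLAGS


def weighted_score(scores):
    """Return a 0..100 weighted score from 0..5 category ratings."""
    if set(scores) != set(WEIGHTS):
        raise ValueError(f"expected categories {sorted(WEIGHTS)}")
    for category, rating in scores.items():
        if not 0 <= rating <= 5:
            raise ValueError(f"{category}: rating {rating} outside 0..5")
    # Max raw total is 5 * 100, so dividing by 5 normalises to 0..100.
    return sum(WEIGHTS[c] * scores[c] for c in WEIGHTS) / 5


def evaluate(vendor):
    """Score one vendor and apply the mandatory gates and red-flag escalation."""
    unknown = vendor.red_flags - set(RED_FLAGS)
    if unknown:
        raise ValueError(f"unknown red flags: {sorted(unknown)}")
    result = {
        "vendor": vendor.name,
        "score": weighted_score(vendor.scores),
        "status": "eligible",
        "reasons": [],
    }
    failed = [name for name, met in vendor.mandatory_met.items() if not met]
    if failed:
        # A failed mandatory criterion removes the vendor regardless of score.
        result["status"] = "disqualified"
        result["reasons"] += [f"mandatory criterion not met: {n}" for n in failed]
    elif vendor.red_flags:
        result["status"] = "escalate"
    result["reasons"] += [RED_FLAGS[f] for f in sorted(vendor.red_flags)]
    return result


def rank(vendors):
    """Eligible vendors first, then escalations, then disqualified; by score within each tier."""
    tier = {"eligible": 0, "escalate": 1, "disqualified": 2}
    results = [evaluate(v) for v in vendors]
    return sorted(results, key=lambda r: (tier[r["status"]], -r["score"]))


# Constructed sample assessments for three hypothetical vendors.
SAMPLE_VENDORS = [
    VendorAssessment(
        "Vendor A",
        {"security_privacy": 4, "reliability_support": 4,
         "governance_contract": 4, "cost_implementation": 3},
        {"sso_and_scim": True, "training_opt_out": True},
    ),
    VendorAssessment(
        "Vendor B",  # best raw score, but cannot disable training on customer data
        {"security_privacy": 5, "reliability_support": 5,
         "governance_contract": 5, "cost_implementation": 5},
        {"sso_and_scim": True, "training_opt_out": False},
        {"no_training_opt_out"},
    ),
    VendorAssessment(
        "Vendor C",  # higher score than A, but an unanswered data-location question
        {"security_privacy": 3, "reliability_support": 5,
         "governance_contract": 4, "cost_implementation": 5},
        {"sso_and_scim": True, "training_opt_out": True},
        {"data_location_unknown"},
    ),
]

if __name__ == "__main__":
    for r in rank(SAMPLE_VENDORS):
        print(f"{r['vendor']:<9} {r['score']:6.1f}  {r['status']:<13} {'; '.join(r['reasons'])}")
```

Run as a script, the ranking places Vendor A first even though Vendor C scores higher (79.0 vs 77.0), because C's missing data-location answer is a red flag, and Vendor B's perfect 100.0 lands last because the training opt-out gate failed. That ordering is the point of separating gates and escalations from the weighted total.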

Tips for Best Results

  • 💡 State whether regulated data is in scope, because that changes the questionnaire substantially
  • 💡 Include any internal security policies so the output maps to real review gates
  • 💡 Ask for a one-page executive summary if leadership only wants a recommendation memo
  • 💡 Request separate questions for pilots versus full production rollouts when needed