AI Selection & Business Alignment
- Does the AI tool support a defined business objective?
- Have potential use cases and expected ROI been identified?
- Does the AI tool integrate with existing business applications?
Security & Compliance
- Does the AI provider comply with SOC 2, ISO 27001, or other relevant certifications?
- Have the provider’s data privacy policies been reviewed to confirm that sensitive data is not retained?
- Is access restricted based on user roles (RBAC)?
- Are AI interactions logged for security monitoring?
- Is the AI tool’s output reviewed for accuracy and bias?
Data Protection & Privacy
- Does the AI tool require company data input? If so, is data anonymized?
- Is customer data processed in compliance with GDPR, CCPA, or other regulations?
- Can AI-generated data be securely stored and deleted upon request?
Responsible AI Use & Governance
- Are employees trained on AI best practices and risks?
- Is there an AI Acceptable Use Policy in place?
- Are there human oversight processes for AI-driven decisions?
- Is AI-generated content clearly labeled and not used for deception?
Vendor Due Diligence
- Has the vendor’s security posture been assessed?
- Does the vendor provide transparency on AI model training data?
- Is the AI tool continuously updated for security and compliance?