
AI Vendor Evaluation Scorecard

A weighted 100-point scoring framework for evaluating AI vendors across 5 security domains. Score each vendor objectively and make defensible procurement decisions.

Updated March 2026 · 5 scored domains · GDPR Article 28, ISO 27001, SOC 2 aligned

100-point weighted scoring system · 5 domains of security coverage · 17 evaluation criteria · Free to use and customise

Why AI Vendors Need Specialist Evaluation

Standard vendor security questionnaires were designed for SaaS and cloud infrastructure — not for AI. AI vendors introduce unique risks around data training, model inference, and AI-specific attack vectors that traditional vendor assessments miss entirely. Using this scorecard alongside your standard TPRM process ensures AI vendors are evaluated on the criteria that matter most.

63% of enterprises use AI vendors without a DPA: most organisations have not ensured GDPR-compliant data processing agreements are in place with their AI vendors, creating significant regulatory exposure.

41% of AI vendors train on customer data by default: without an explicit no-training clause, the default position of many AI services is to use customer prompts and data to improve their models.

78% of vendor assessments miss AI-specific security criteria: standard TPRM questionnaires do not cover prompt injection, model access controls, or AI output security, leaving critical gaps in vendor risk assessments.

3.5x higher breach cost when AI vendor controls are absent: data breaches originating from AI vendor weaknesses carry higher costs than average breaches because of the volume and sensitivity of data processed by AI pipelines.

The Vendor Evaluation Scorecard

Each domain lists its scoring criteria together with guidance on how to allocate points. Record a written justification for every score so the result can be defended and compared across vendors.

Data Security (30 pts)

Data security is weighted highest because AI vendors process your organisation's data in the model inference pipeline. Weaknesses here directly translate to data exposure risk.

Data encryption at rest and in transit (8 pts)

Verify AES-256 encryption at rest and TLS 1.2+ in transit. Request documentation showing encryption covers training pipelines, not just API transport. Score 8 if both verified with evidence, 4 if self-attested only, 0 if not confirmed.

No-training guarantee in contract (8 pts)

Contractual commitment that customer data (prompts, documents, outputs) is not used to train or fine-tune the vendor's models. This must be a contractual term, not a marketing claim. Score 8 if in writing in the DPA/contract, 0 if only in marketing materials or not available.

Data retention and deletion policy (6 pts)

Documented retention periods for all data categories processed (prompts, outputs, logs). Ability to request deletion and receive confirmation of deletion within a defined SLA. Score 6 if fully documented with deletion capability, 3 if partial, 0 if no documentation.

Customer data isolation (5 pts)

Verification that data from different customers is logically or physically isolated, particularly in multi-tenant inference environments. Score 5 if a documented isolation architecture is provided, 3 if attested, 0 if not addressed.

Data residency options (3 pts)

Ability to specify the data processing location (e.g. EU-only for GDPR compliance). Score 3 if configurable with a contractual commitment, 1 if regional deployment is available but not contractual, 0 if no control.

How to Run a Vendor Evaluation

A scorecard produces useful outputs only when applied consistently. Follow these five steps to run an evaluation that produces defensible, comparable results across vendors.

1. Define the evaluation scope and data sensitivity

Before scoring, document what data the AI vendor will process (including data classification levels), what the use case is, and whether a DPA will be required. Higher data sensitivity should raise the minimum score threshold for approval.

2. Send the scorecard as a structured vendor questionnaire

Distribute the relevant sections to each shortlisted vendor. Request supporting evidence for all claims: SOC 2 Type II reports, ISO 27001 certificates, penetration test executive summaries, and draft DPAs. Set a clear response deadline.

3. Score each vendor independently before reconciling

Have two evaluators score each vendor independently against each criterion, then compare scores and resolve discrepancies. Independent scoring reduces bias and produces more defensible procurement decisions.

4. Verify high-stakes criteria with a technical review call

Do not rely solely on vendor self-attestation for critical criteria such as no-training guarantees, prompt injection controls, and incident notification terms. Schedule a 60-minute technical security review call with the vendor's security team to verify key claims.

5. Document final scores, decisions, and re-assessment dates

Record the final score for each vendor with scoring justifications. Document the approval decision, any conditional requirements, and the date for re-assessment (typically 12 months, or sooner when a material change occurs). Store the documentation in your vendor risk management system.

Monitor Your AI Vendors Continuously After Approval

A point-in-time vendor assessment captures your vendors' security posture on one day. Aona monitors all AI vendor usage across your organisation continuously — tracking which vendors employees are using, what data is being shared, and whether approved vendor controls are actually in effect.
