Unit 7: Managing Vendor Risk – Compliance When You Don’t Own the Tool
Use this simple checklist when evaluating any external AI tool:
✅ What does the tool do — and how?
✅ Is there documentation on how it was trained and tested?
✅ What risk level does the tool's use carry? (e.g., high-impact use such as hiring or healthcare)
✅ Is there a plan for human oversight or override?
✅ How does the vendor monitor performance over time?
🧠 Keep vendor answers on file. They may be needed during audits or investigations.