
🛡️ Third-party AI vendor risk & procurement assessment

Run a structured due-diligence questionnaire before you buy an AI, LLM or GenAI tool. Score the vendor across data handling, security and certifications, privacy/DPA, model transparency, bias and fairness, IP and indemnification, reliability/SLA, and exit/portability. The output is a weighted AI-risk score, a Low/Medium/High/Critical tier, a red-flag list, recommended contractual safeguards, and a Word due-diligence report. Exports: Word and CSV.

Vendor & engagement
Scoring guide

Answer each control: Yes / strong = evidenced and contractual (full marks); Partial = informal or unverified (half marks); No / unknown = absent or undisclosed (zero marks: an undisclosed control provides no risk mitigation, so it is scored as maximum risk); N/A = excluded from the score, with a justification recorded. Items marked CRITICAL carry extra weight, and a No on any CRITICAL item is listed as a red flag. The risk score is the weighted percentage of achievable marks, so a higher % means lower residual risk.
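The scoring rule above is straightforward to automate, which matters once you run the same questionnaire against several vendors and want reproducible numbers in the CSV. The Python below is an added illustration of that rule and is not the tool's own code. The page does not state how much extra weight CRITICAL items carry or where the tier cut-offs sit, so the 2x weight, the 80/60/40 % boundaries, and the sample controls and answers are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Mitigation credit per answer, as the scoring guide describes:
# Yes/strong = full marks, Partial = half, No/unknown = zero.
# N/A is handled separately: excluded from the denominator, justification required.
CREDIT = {"yes": 1.0, "partial": 0.5, "no": 0.0}

# ASSUMPTIONS (not stated on the page): CRITICAL items count double,
# and tiers are cut at 80 / 60 / 40 % of achievable marks.
CRITICAL_WEIGHT = 2.0
NORMAL_WEIGHT = 1.0
TIER_CUTOFFS = [(80.0, "Low"), (60.0, "Medium"), (40.0, "High"), (0.0, "Critical")]


@dataclass
class Control:
    id: str
    text: str
    critical: bool = False
    answer: str = "no"          # yes | partial | no | na
    justification: str = ""     # required when answer == "na"


@dataclass
class Result:
    score_pct: Optional[float]  # None when every control was excluded
    tier: str
    red_flags: List[str]        # CRITICAL controls answered No
    excluded: List[str]         # justified N/A controls
    errors: List[str]           # unjustified N/A or unrecognised answers


def tier_for(pct: float) -> str:
    """Map a weighted percentage to a tier (higher % = lower residual risk)."""
    return next(name for cutoff, name in TIER_CUTOFFS if pct >= cutoff)


def score(controls: List[Control]) -> Result:
    weighted_credit = 0.0
    weighted_max = 0.0
    red_flags, excluded, errors = [], [], []

    for c in controls:
        ans = c.answer.strip().lower()
        if ans == "na":
            # N/A only counts as an exclusion if the assessor justified it.
            if not c.justification.strip():
                errors.append(f"{c.id}: N/A requires a justification")
            else:
                excluded.append(c.id)
            continue
        if ans not in CREDIT:
            errors.append(f"{c.id}: unrecognised answer {c.answer!r}")
            continue
        weight = CRITICAL_WEIGHT if c.critical else NORMAL_WEIGHT
        weighted_max += weight
        weighted_credit += weight * CREDIT[ans]
        if c.critical and ans == "no":
            red_flags.append(c.id)

    if weighted_max == 0:
        return Result(None, "Unscored", red_flags, excluded, errors)
    pct = round(100.0 * weighted_credit / weighted_max, 1)
    return Result(pct, tier_for(pct), red_flags, excluded, errors)


# Constructed sample answers for a hypothetical vendor (not a real assessment).
SAMPLE_CONTROLS = [
    Control("A1", "Customer data not used for model training without opt-in", True, "yes"),
    Control("A2", "Current SOC 2 Type II or ISO/IEC 27001 certificate provided", True, "partial"),
    Control("A3", "Signed DPA with sub-processor list (GDPR Art 28)", True, "no"),
    Control("B1", "Model documentation covering training-data provenance", False, "no"),
    Control("B2", "Uptime SLA with service credits", False, "yes"),
    Control("B3", "Bulk data export on termination", False, "partial"),
    Control("B4", "Bias testing for decisions about individuals", False, "na",
            "Tool is not used for decisions about people"),
    Control("B5", "Recent penetration-test attestation letter", False, "na"),  # no justification
]

if __name__ == "__main__":
    r = score(SAMPLE_CONTROLS)
    print(f"score={r.score_pct}% tier={r.tier} red_flags={r.red_flags}")
    print(f"excluded={r.excluded} errors={r.errors}")
```

With the sample answers the vendor earns 4.5 of 9 weighted marks (50 %, tier High under the assumed cut-offs), A3 is reported as a red flag because it is a CRITICAL item answered No, B4 is excluded with its justification, and B5 is rejected rather than silently excluded because no justification was given.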

Part A — Data, security & privacy
Part B — Transparency, IP, reliability & exit
Vendor AI-risk summary

⚠️ This tool is a screening / indicative third-party AI risk aid — not legal advice and not a security audit. It maps to recognised frameworks (NIST AI RMF 1.0, ISO/IEC 42001:2023, ISO/IEC 27001, SOC 2, GDPR Art 28, EU AI Act) but does not certify a vendor. Validate vendor claims with evidence (certificates, pen-test letters, the DPA and sub-processor list) and have qualified legal/privacy/security counsel review any contract before signing.