🇺🇸 United States · AI Vendor Assessment
A three-artifact deliverable: an Executive Summary Word document for sign-off (recommendation, top risk flags, top strengths, sign-off block), a 30-question scored Excel workbook with auto-summing category totals and an Evidence Request List tab, and a companion Procurement Checklist with foundational readiness items. Aligned to ISO/IEC 42001:2023 Annex A or the NIST AI Risk Management Framework — your choice at form time.
The output is anchored on the regulations that apply to AI deployments in US. The top frameworks cited:
Developers of covered ADMT must give deployers technical documentation (intended uses, categories of training data, known limitations, usage instructions); deployers must notify individuals before ADMT use in a consequential decision and disclose an adverse outcome within 30 days; consumers may request data correction and meaningful human review. Core obligations begin 1 January 2027.
AI developers and deployers must avoid prohibited uses, provide clear disclosures when consumers interact with AI in consequential contexts, conduct algorithmic-discrimination assessments for in-scope systems, and report adverse incidents to the Texas Attorney General. Compliance with NIST AI RMF and recognised standards is treated as a rebuttable presumption of reasonable care.
Businesses must disclose automated decision-making logic upon consumer request, allow opt-out of profiling for targeted advertising or significant decisions, and conduct and document risk assessments for high-risk data processing activities.
Operators of bots that interact with California consumers in commercial or electoral contexts must clearly and conspicuously disclose that the consumer is communicating with a bot, with the disclosure designed to inform a reasonable person communicating with the bot. Disclosure must not be hidden behind interaction or buried in a privacy notice.
You describe the vendor (name and product or service) and your organisation's context — jurisdiction, industry, staff size, risk appetite — and choose your alignment framework: ISO/IEC 42001:2023, NIST AI RMF, or both. The tool produces a structured, evidence-based assessment ready to hand to your procurement, legal, and information-security teams.
The Executive Summary Word document is a one-page sign-off artifact — recommendation (Approved / Conditional / Rejected), top three risk flags, top three strengths, sign-off block. The detailed Excel workbook is the working assessment instrument: 30 questions across six weighted categories, with evidence guidance, regulatory call-outs, and an auto-summing scoring sheet. Both are AI-assisted drafting aids intended to accelerate review by qualified practitioners.
$29 · one-time — answer a 6-question intake (including jurisdiction = US), and download your tailored document immediately.
Assess Vendor →Also available framed for your sector → see industry-specific pages