AI Vendor Assessment

Generate your AI Vendor Assessment, in minutes

ISO 42001 / NIST AI RMF alignedExec summary + scored workbookProcurement Checklist included
Assess VendorSee sample output

  1. Configure your context

  2. AI drafts your output

  3. Download and share

  4. Review and refine

AI‑generated · Requires legal review before use

What you get

Four deliverables, three jobs

A single generation produces an Executive Summary Word document for sign-off, a 30-question scored Excel workbook for the working assessment (with the Evidence Request List on a dedicated tab inside it), and a companion Procurement Checklist — each tailored to your jurisdiction, industry, and chosen alignment framework.

Executive Summary (.docx)

One-page sign-off document with vendor recommendation (Approved / Conditional / Rejected), top risk flags, top strengths, and assessor sign-off block. Designed for board / exec review and paper sign-off.

Detailed Scored Assessment (.xlsx)

30-question framework across 6 weighted categories, aligned to ISO/IEC 42001 or NIST AI RMF (your choice). Excel formulas auto-sum category totals → overall %. Pass / Conditional / Reject thresholds, evidence guidance and regulatory call-outs per question.

Evidence Request List (in .xlsx)

Consolidated list of every document to request from the vendor — ready to paste into your vendor RFI. Grouped by question ID with rationale, on a dedicated tab inside the assessment workbook.

Procurement Checklist (.xlsx)

Companion procurement-readiness checklist — foundational items (DPA in place, encryption standards, sub-processor disclosure, incident-response). Generic, jurisdiction-tailored. Not a per-vendor scoring sheet — included alongside the assessment.

Assess Vendor

Generate your vendor assessment

Fill in your organisation and vendor details below. The more context you provide, the more precisely targeted your vendor assessment will be.

What you'll receive

Executive Summary (.docx) for sign-off
Detailed Scored Assessment (.xlsx) — 30 questions, 6 categories
Aligned to ISO 42001 / NIST AI RMF
Procurement Checklist (.xlsx) companion

Organisation & Vendor

Appears in the document header. Leave blank to use “Your Organisation”.

One vendor per assessment — generate a separate assessment for each vendor.

The specific AI product or service being assessed.

Risk Appetite

By completing checkout you’ll be added to the weekly Responsible AI Studio Brief unless you opt out via the unsubscribe link in any issue. See our Privacy Policy.

Please accept both checkboxes above to generate your assessment.

Not ready to buy? See a sample first →

Want the jurisdiction cheat sheet first? Free →

Your generated document will appear here.

Fill in the form and click Generate to begin.

By industry

Tailored guidance for your sector

Each industry page combines the same ai vendor assessment with sector-specific risks, regulator citations, and bias considerations drawn from the canonical overlay data.

By jurisdiction

Tailored to your regulatory context

Each jurisdiction page anchors the ai vendor assessment on the regulations that apply locally — top laws, key articles, and enforcement status — pulled from our maintained jurisdiction overlay.

Often bought together

Part of 2 bundles

Each bundle is anchored on a specific persona’s buyer journey. Standard sum-of-parts pricing — each tool is still purchased individually at its standard price (no subscription, no bundled checkout).

Your data — what we collect, keep, and share

What we collect

Your tool inputs — jurisdiction, industry, staff size, risk appetite, and an optional organisation name — plus a Stripe-processed payment. No account, no email required. Our hosting platform keeps minimal server logs (IP, timestamp) for security.

How long we keep it

Tool inputs are used to generate your document and are not retained after your session. Payment transaction metadata (ID, amount, timestamp) is kept for seven years, the retention period required by financial-records law.

Does it train any model

No. Your inputs are not used to train our AI models. Generation runs through Anthropic's API, which does not use API inputs for model training by default.

Where it is stored

Frontend on Vercel, backend on Railway, AI generation via Anthropic's API, payment via Stripe's PCI-DSS certified infrastructure. All data in transit is TLS-encrypted.

Full detail in the Privacy Policy.

Built to amplify your in-house expertise

These outputs support, rather than replace, your practitioners. Qualified human review is not optional — it is a core part of the process.

  • AI-generated — a first draft, not a finished legal instrument.
  • Qualified review by in-house or external practitioners required before implementation.
  • Regulation references reflect the position at the date of generation.

Full disclaimer

  1. Built to amplify your in-house expertise

    These documents support, and do not replace, qualified legal, clinical, or compliance practitioners. This output does not constitute legal advice. Consult your qualified in-house or external counsel before implementing or relying on any part of this document.

  2. Regulation currency

    Laws, regulations, and guidance cited are subject to change. Content reflects the position as at the date of generation and may not account for subsequent amendments, enforcement decisions, or judicial interpretations.

  3. Proposed legislation

    Where proposed or draft legislation is referenced — including the EU AI Liability Directive — such references describe legislation that has not been enacted. Its final form, scope, timing, and territorial application remain unconfirmed.

  4. AI output limitations

    AI output can contain errors or omissions. Do not rely on this document as a complete statement of your legal obligations or as a substitute for specialist compliance advice.

FAQ

Common questions about the AI Vendor Assessment

What jurisdictions does this tool cover?

All 14 jurisdictions: European Union, United Kingdom, United States, Canada, Australia, Singapore, China, Japan, India, Brazil, UAE, Switzerland, South Africa, and Global/International. Each output is cited to the jurisdiction's actual laws and regulations.

Which industries are supported?

All 14 industry sectors: Healthcare, Financial Services, HR & Recruitment, Legal & Professional Services, Education & EdTech, Retail & E-commerce, Manufacturing, Marketing & Advertising, Government, Energy, Transport, Insurance, Technology, and a Universal option for cross-sector use.

Is there a subscription or recurring cost?

No. Pay once per generation, view the output online, and download immediately. No monthly fees, no account required, no recurring charges.

Is the output legally binding or a substitute for legal advice?

No. Every output is an AI-generated starting-point document that amplifies your in-house expertise — it is not a substitute for qualified legal review. We include explicit regulatory citations and review notes; you should have a qualified lawyer or compliance professional sign off before implementation.

What is the refund policy?

We offer a 7-day money-back guarantee if the generated document fails to meet reasonable expectations for your stated jurisdiction and industry. See our refund policy for full details.

How many questions does the Vendor Assessment include and how is it scored?

A 30-question scored workbook covering data governance, model lifecycle, security, fairness, transparency, and incident response. Each question carries weighted scoring with auto-summing category totals; an Executive Summary Word doc is generated alongside for procurement sign-off.

Should I align to ISO/IEC 42001 or NIST AI RMF?

Both are supported — pick the framework that matches your existing governance baseline. ISO 42001 is certification-track and audit-friendly; NIST AI RMF is principles-based and US-aligned. The output includes a "which to pick when" callout and references the [ISO 42001 vs NIST AI RMF matrix](/resources/iso-42001-vs-nist-ai-rmf) for the full comparison.

Ready to build your
AI vendor assessment?

Generate a complete, 30-question scored vendor assessment with evidence requests and executive summary in minutes.

Assess Vendor