The Third Party / Vendor Risk Assessment feature enables organizations to assess AI systems provided or managed by external vendors. It allows you to send structured assessments, track responses, and view results directly alongside your internal AI inventory — closing a critical visibility gap in your AI governance program.
Many AI deployments rely on third-party tools, yet traditional governance processes lack consistency, traceability, and integration. This feature replaces ad hoc spreadsheets and email-based assessments with a standardized, auditable workflow that aligns vendor risk with your overall AI risk posture.
It also supports compliance requirements such as the NSW AI Assessment Framework (Circular DCS-2024-04), which mandates assessment of procured AI systems, and aligns with emerging global regulations like the EU AI Act, where supply-chain accountability is becoming essential.
Purpose
Third Party / Vendor Risk Assessment provides a structured way to evaluate both internally managed and externally sourced AI systems. It ensures that all AI — whether built in-house or supplied by vendors — is assessed using consistent templates, scored appropriately, and tracked within your governance framework.
- Centralize risk assessments for both internal and vendor AI systems
- Replace inconsistent email/spreadsheet processes with standardized workflows
- Link assessment results directly to your AI Inventory for full visibility
- Support regulatory compliance for procurement and third-party AI usage
This approach ensures your organization maintains end-to-end oversight of AI risk — including across the supply chain.
How It Works
Feature 1 – Run Risk Assessment (Internal / Self-Assessment)
Conduct assessments directly within the platform for AI systems or datasets you manage internally.
- Launch assessments from an AI Inventory or Dataset detail page
- Select from predefined risk assessment templates
- Complete structured questionnaires within the platform
- Automatically generate risk scores (Low, Moderate, High, Critical)
- Save and track results as part of your internal risk records
This flow is ideal for evaluating internally developed or managed AI systems.
Feature 2 – Send Assessment (External / Vendor Assessment)
Send structured assessments to external vendors or internal stakeholders without requiring platform access.
- Send assessments via email using secure, tokenized links
- No login required for recipients
- Choose between internal employee or external vendor recipients
- Track status from Pending → In Progress → Completed
- Automatically calculate and return risk scores upon completion
This enables seamless engagement with third parties while maintaining control and visibility.
Feature 3 – Assessment Tracking & Results
Monitor all assessment activity and view results in context.
- Track assessment status and completion progress
- View completed responses and calculated risk scores
- Surface vendor assessment results directly within the AI Inventory
- Maintain a complete audit trail of access and submissions
This ensures all assessment data is centralized, traceable, and actionable.
Feature 4 – Automated Reminders & Expiry
Ensure timely completion of assessments with built-in automation.
- Automatically send reminder emails based on configured intervals
- Set expiry periods for assessment links (default: 30 days)
- Reduce manual follow-up and improve response rates
Notes
- Internal (“Run”) and external (“Send”) assessments use the same templates but follow different completion workflows
- Vendor assessments are securely accessed via tokenized links and do not require user accounts
- All assessment results contribute to your overall AI risk posture and governance reporting
- This feature is essential for managing third-party AI risk and meeting procurement-related compliance obligations
- Helps eliminate “blind spots” in AI governance by bringing vendor risk into the same system as internal AI risk