Before you send a single prompt to a third-party AI provider, ask these 25 questions. They cover data handling, security posture, compliance certifications, technical capabilities, and business terms. Score each vendor. Compare the results. Make an informed decision.
AI vendor selection is one of the highest-risk procurement decisions your organization will make. Unlike traditional software, AI vendors process your data through opaque models, retain inputs for uncertain periods, and often use your data to improve their products — sometimes without explicit consent. The consequences of a poor vendor choice range from data breaches and regulatory fines to competitive intelligence leakage and irreversible vendor lock-in.
Most AI vendor evaluations focus on model capabilities — benchmark scores, response quality, feature sets. Those matter. But for organizations with sensitive data, the foundational questions are about data handling, security, and exit strategies. A brilliant model is useless if it requires you to hand over your crown jewels to a third party.
These questions determine what happens to your data after you send it to the vendor. They are the most important questions in this framework — get them wrong, and nothing else matters.
| # | Question | Weight | What to Listen For |
|---|---|---|---|
| 1 | Do you retain our input data after processing? If so, for how long and for what purpose? | Critical | Green flag: "We do not retain inputs beyond the processing session." Red flag: "We retain data for model improvement unless you opt out." or vague timelines. |
| 2 | Is our data used to train or improve your models — either directly or through aggregated/derived datasets? | Critical | Green flag: "Customer data is never used for model training." Red flag: "We use anonymized/aggregated data." (Anonymization of LLM inputs is not reliable.) |
| 3 | Who owns the outputs generated by your AI system? Can you guarantee we have unrestricted rights to use, modify, and distribute them? | High | Green flag: "Customer owns all outputs with no restrictions." Red flag: Output ownership limited by license terms or usage restrictions. |
| 4 | Can we request complete deletion of our data (inputs, outputs, logs, metadata) on demand? What is the deletion timeline and how is it verified? | Critical | Green flag: "Deletion in the first month with written certification." Red flag: "Deletion subject to backup retention policies" without specific timelines. |
| 5 | What subprocessors have access to our data? Can we review their security certifications and data handling practices? | High | Green flag: Full subprocessor list with security documentation available. Red flag: "We reserve the right to add subprocessors with 30 days notice" without customer approval rights. |
Questions 1–2 are disqualifiers. If a vendor retains your data or uses it for training, and your data is sensitive (PHI, NPI, CUI, trade secrets, privileged communications), the vendor is not suitable regardless of model quality. Questions 3–5 are high-weight — poor answers here create contractual and operational risk that compounds over time.
These questions assess the vendor's security posture — how they protect your data while it's in their environment, who can access it, and how they respond when things go wrong.
| # | Question | Weight | What to Listen For |
|---|---|---|---|
| 6 | How is our data encrypted at rest and in transit? Who manages the encryption keys — you or us? | High | Green flag: AES-256 at rest, TLS 1.3 in transit, customer-managed keys available. Red flag: Vendor-managed keys only; no customer key management option. |
| 7 | What access controls govern employee access to customer data? Can you demonstrate that your employees cannot view raw customer inputs? | Critical | Green flag: "No employee can access raw customer data. Access is programmatic only with audit logging." Red flag: "Trained employees may review data for quality assurance." or inability to demonstrate technical controls. |
| 8 | What is your incident response process? How quickly will you notify us of a breach affecting our data? What are your notification obligations under your contract? | High | Green flag: Notification within 24–72 hours, detailed incident report in the first month, contractual breach notification obligation. Red flag: Notification "as soon as reasonably possible" without defined timeline. |
| 9 | How frequently do you conduct penetration tests? Can you share the most recent pen test summary (redacted if necessary)? Who conducts them — internal team or independent third party? | High | Green flag: Annual third-party pen tests, summaries available to customers, findings remediated within defined SLAs. Red flag: Internal pen tests only, or unwillingness to share summaries. |
| 10 | How do you manage supply chain security for your AI models and software dependencies? Do you maintain a Software Bill of Materials (SBOM)? | Medium | Green flag: SBOM available, dependency scanning in CI/CD, vendor security assessments for third-party components. Red flag: No SBOM, no formal supply chain security program. |
Question 7 is a critical differentiator. Vendors whose employees can access raw customer data introduce human risk that cannot be mitigated by technical controls alone. Questions 6, 8, and 9 are standard enterprise security requirements — any vendor claiming enterprise readiness should have strong answers. Question 10 is increasingly important given AI-specific supply chain risks (model poisoning, backdoored libraries, compromised training data).
These questions verify the vendor's compliance posture — certifications, audit rights, regulatory alignment, and contractual commitments.
| # | Question | Weight | What to Listen For |
|---|---|---|---|
| 11 | What security and privacy certifications do you currently hold (SOC 2, ISO 27001, HIPAA, FedRAMP)? Can you provide the most recent audit report? | High | Green flag: SOC 2 Type II, ISO 27001, relevant industry certifications with current reports available. Red flag: "SOC 2 in progress" or certifications older than 12 months. |
| 12 | Do you offer audit rights in your contract? Can we conduct or commission a third-party audit of your security controls? | High | Green flag: Annual audit rights or acceptance of independent SOC 2 report. Red flag: No audit rights; reliance on self-assessment only. |
| 13 | How does your platform align with our specific regulatory requirements (HIPAA, GLBA, GDPR, CMMC, etc.)? Can you provide a compliance mapping document? | High | Green flag: Compliance mapping available, specific controls mapped to regulatory requirements. Red flag: Generic "we're compliant" claims without documentation. |
| 14 | What are your breach notification obligations under our contract? Do they align with our regulatory notification timelines (e.g., 72 hours for GDPR, 60 days for HIPAA)? | Critical | Green flag: Contractual notification within timelines that satisfy your regulatory obligations. Red flag: Notification timelines that exceed your regulatory deadlines. |
| 15 | What liability do you accept for data breaches, compliance violations, or AI-generated errors? Is there a liability cap, and does it apply to data breaches? | High | Green flag: Uncapped liability for data breaches, clear indemnification for compliance violations. Red flag: Liability capped at contract value, exclusions for data breaches or AI errors. |
Question 14 is often overlooked but critical. If the vendor's breach notification timeline exceeds your regulatory deadline, you're non-compliant by association. Question 15 determines your financial exposure — a liability cap at contract value means the vendor's maximum financial risk for a data breach is the amount you pay them, which is often a fraction of the actual damage.
These questions assess the vendor's technical capabilities — model provenance, performance, integration, scalability, and reliability.
| # | Question | Weight | What to Listen For |
|---|---|---|---|
| 16 | What is the provenance of your AI models? Were they trained on licensed, proprietary, or publicly scraped data? Can you provide documentation of training data sources? | Medium | Green flag: Training data sources documented, copyright-cleared datasets, model cards available. Red flag: "Proprietary training data" without further detail; unwillingness to discuss sources. |
| 17 | What performance benchmarks can you provide for our specific use case? Can we run a proof of concept with our own data before committing? | High | Green flag: POC available, benchmarks on relevant datasets, willingness to test with your data. Red flag: Benchmarks only on standard datasets; no POC option. |
| 18 | What integration options do you support (API, SDK, webhooks, EHR/CRM connectors)? Do you support on-premise or VPC deployment? | High | Green flag: REST API, SDKs for major languages, on-premise/VPC deployment option. Red flag: API-only, cloud-only deployment, proprietary integration framework. |
| 19 | What are your scalability limits (concurrent requests, rate limits, context window)? How do you handle load spikes and what happens when you hit capacity? | Medium | Green flag: Clear rate limits, auto-scaling, dedicated capacity options, graceful degradation. Red flag: Undisclosed limits, no dedicated capacity, service degradation without notice. |
| 20 | What is your uptime SLA? What is your actual uptime over the past 12 months? What compensation do you provide for downtime? | Medium | Green flag: 99.9%+ SLA with service credits, transparent uptime history. Red flag: No SLA, or SLA below 99.5% for production-critical workloads. |
Question 18 is a strategic differentiator. Vendors that offer on-premise or VPC deployment options allow you to keep data within your network boundary — the same advantage that BPI's model provides. Question 16 addresses an emerging legal risk: AI models trained on copyrighted or improperly licensed data may expose customers to downstream liability. Question 17 is practical — always validate with your own data before committing.
These questions cover the commercial terms — pricing, exit strategy, lock-in risks, support, and future roadmap.
| # | Question | Weight | What to Listen For |
|---|---|---|---|
| 21 | What is your pricing model? Are there hidden costs (data egress, API calls beyond quota, support tiers, model version upgrades)? | High | Green flag: Transparent per-use or flat pricing, no egress fees, included support. Red flag: Complex tiered pricing, egress fees, support as paid add-on. |
| 22 | What is our exit strategy if we decide to stop using your service? Can we export our data, configurations, and customizations in a portable format? | Critical | Green flag: Full data export in standard formats, no exit fees, configuration portability. Red flag: Proprietary export formats, data export fees, loss of customizations. |
| 23 | What lock-in risks exist? If we fine-tune a model or build custom integrations, can we transfer them to another provider? | Critical | Green flag: Fine-tuned models exportable in standard formats (GGUF, safetensors), open APIs. Red flag: Fine-tunes locked to platform, proprietary integration framework. |
| 24 | What support SLAs do you offer? What is your actual response time for critical issues? Do you provide dedicated support for enterprise customers? | Medium | Green flag: Defined SLAs (1-hour critical response), dedicated account manager, 24/7 support. Red flag: Community support only, business-hours support for critical issues. |
| 25 | What is your product roadmap? How do you communicate changes that may affect our deployment (model updates, API changes, deprecations)? | Medium | Green flag: Public roadmap, 6–12 month deprecation notice, backward compatibility commitments. Red flag: No public roadmap, breaking changes with short notice. |
Questions 22–23 are the most important business questions. Vendor lock-in in AI is particularly dangerous because it's often technical, not just contractual. Proprietary fine-tunes, platform-specific integrations, and custom prompt templates can make switching vendors as costly as building from scratch. Always plan the exit before you commit.
Use this framework to score each vendor systematically. Score each question on a scale of 1–5, then weight by the category importance.
| Category | Questions | Weight | Rationale |
|---|---|---|---|
| Data Handling | 1–5 | 30% | Data handling is foundational. Poor answers here disqualify the vendor regardless of other strengths. |
| Security | 6–10 | 25% | Security controls protect your data while in the vendor's environment. Critical for sensitive data. |
| Compliance | 11–15 | 20% | Compliance alignment determines whether the vendor can operate within your regulatory framework. |
| Technical | 16–20 | 15% | Technical capabilities determine whether the vendor can meet your functional requirements. |
| Business | 21–25 | 10% | Business terms affect long-term cost, flexibility, and risk. Important but secondary to data and security. |
For each category, calculate the average question score, then multiply by the category weight. Sum the weighted category scores for the total vendor score (maximum 5.0).
Regardless of total score, disqualify any vendor that receives a score of 1 on any of the following questions:
This evaluation framework is designed for assessing third-party AI vendors. But there is an alternative that eliminates the need for vendor evaluation entirely: on-premise AI. When you deploy AI on your own infrastructure, you are both the buyer and the provider. The 25 questions above become internal design decisions rather than vendor negotiation points.
BPI bridges the build-vs-buy gap. We deploy AI on your infrastructure — your hardware, your network, your data. We never receive, store, or process your data. Our Zero Data Touch model gives you the expertise of a vendor with the data protection of on-premise deployment. We build, train, and hand off. You own everything.
Learn more about our Privacy-First AI service, explore what we do across industries, or book a consultation to discuss whether on-premise AI is the right fit for your organization.
Comprehensive checklist covering HIPAA, GLBA, GDPR, SOC 2, CMMC, FERPA, and more. Use alongside this evaluation framework.
Read Guide →How BPI deploys AI without ever receiving, storing, or processing your data. The alternative to vendor risk.
Learn More →Browse our full library of technical guides — architecture walkthroughs, RAG pipelines, and compliance checklists.
View All Guides →Book a free 30-minute consultation. We'll review your vendor shortlist, discuss the risks you've identified, and whether on-premise AI eliminates those risks entirely. No pressure. No pitch deck.
Book a Free ConsultationNo commitment. No sales pitch. Just a conversation. We respond within 24 hours.