This message was posted by a user wishing to remain anonymous
As part of our TPRM process, vendors provide due diligence documentation that is typically designated as confidential and not to be shared externally.
If we store this information in our TPRM system and leverage AI capabilities within that platform to review or analyze the documentation, how should this be interpreted from a confidentiality and data usage perspective?
Would it be advisable to include specific language in our vendor contracts or NDAs to disclose and authorize the use of such systems, including AI-enabled tools, for due diligence review? Please provide guidance on how your organization handles this.