This message was posted by a user wishing to remain anonymous
I run IT GRC for my company. A bit of background, we have data residency requirements for much of our customer information as it is shared with a government agency. As part of our due diligence we have an initial, high-level, security questionnaire that the proponent completes about the type of information the vendor will use, how it will be used and stored. Prior to an agreement being signed, there is a more detailed security questionnaire required.
Recently I have had discussions with legal and procurement about how our vendors are using AI to provide services to us. I am gong to have to drive how we view vendor use of AI. I am curious how others have included the use of AI in their RFPs, security questionnaires and agreements.
I appreciate any information you can provide.
Charles