TL;DR for the time-pressed
Standard SaaS vendor risk questionnaires (VRQs) miss the AI-specific risk surface by design - they were built for an era when "vendor risk" meant SOC 2 plus an encryption checklist. Generative AI vendors, and AI features embedded inside non-AI SaaS, introduce a different set of failure modes, regulatory triggers, and contractual asks. This template is the 60-question VRQ Areebi recommends to enterprise procurement and CISO teams, organised into six sections with every question cross-referenced to a primary source standard: the Shared Assessments SIG 2024 update, the CSA Cloud Controls Matrix v4.1, ISO/IEC 27036, NIST SP 800-161r1, and HHS HIPAA Risk Analysis guidance. Score the answers using the Areebi AI vendor risk score tool. Updated 2026-05-20.
How to use this template
A vendor risk questionnaire is most useful when it forces the vendor to produce evidence, not just confident answers. The 60 questions below are written to require either a documented artefact, a specific control reference, or a defensible explanation. Generic "yes" answers should fail the question.
Practical guidance:
- Tier the questions. Some questions are dealbreakers (a "no" disqualifies); some are scored (affects ranking); some are informational (used to inform the implementation plan or the contract negotiation). Tiering is a function of your data classes, sector, and regulatory exposure. The Areebi AI vendor risk primer covers the underlying methodology.
- Use the AI vendor risk score tool as the scoring rubric. The tool generates a per-vendor scorecard that aggregates answers into a comparable score across vendors, with category-level breakdowns and remediation recommendations.
- Score on evidence, not assertions. Ask for the SOC 2 control reference, the architecture diagram, the policy document, the audit log sample, the customer reference, the certification artefact.
- Re-score annually, and at any material change. AI vendor capability and risk posture are moving fast; an answer that was good 12 months ago may be out of date today. Bake re-assessment into the renewal cycle and any major capability change.
- Map answers to your control set. Each question carries a citation to the source standard. Use the citation to tie vendor answers to your own control framework (NIST AI 600-1, ISO 42001, your risk register).
The template is designed to mesh with the Areebi AI Control Plane RFP template (when the buyer is selecting a control plane) and the cyber insurance + AI guide (when the underwriter is asking for the same evidence).
Section 1: Model and provider (Q1-Q10)
This section establishes what the vendor actually provides - which model, which provider, which deployment shape, which agentic capabilities, which subcontractors. Reference standards: SIG 2024 update (Section A, Information Security Risk), NIST SP 800-161r1 (supply chain risk management), and the EU AI Act Article 28 (general-purpose AI model provider obligations).
- Q1. Which foundation model(s) underpin the service? Name the provider, model family, and version range. (SIG 2024, NIST SP 800-161r1)
- Q2. Is the underlying model open weights, proprietary closed, or hybrid? Specify licence terms. (SIG 2024)
- Q3. Is the model self-hosted, hosted by a third-party inference provider, or hosted by the original model provider? Name the hosting party. (NIST SP 800-161r1, CSA CCM v4.1)
- Q4. What fine-tuning, RAG, or system-prompt customisation does your service apply on top of the underlying model? Provide a high-level architecture diagram. (NIST AI 600-1, SIG 2024)
- Q5. Does the service include agentic capabilities (tool use, autonomous actions, multi-step planning)? If yes, document the action surface and the human-in-the-loop checkpoints. (NIST AI 600-1 MS.AI-2, the Areebi agent governance primer)
- Q6. List every named subprocessor in the data path, including foundation model providers, inference providers, hosting infrastructure, and any monitoring or analytics provider. (ISO/IEC 27036, GDPR Article 28)
- Q7. What is your change management process for swapping the underlying model, and how is the customer notified? (SIG 2024, NIST AI 600-1 MS.AI-3)
- Q8. How do you version-pin model behaviour for customer testing, and what is the deprecation timeline for older model versions? (NIST AI 600-1)
- Q9. Provide model cards or equivalent documentation for every model used, including the underlying provider's model card and any service-specific addenda. (NIST AI 600-1, the Areebi model cards primer)
- Q10. What is your jurisdictional footprint for model inference and training data residency, and does it include any restricted jurisdictions? (GDPR Chapter V, ISO/IEC 27036)
Section 2: Data governance (Q11-Q20)
This section establishes how customer data is handled at training, fine-tuning, RAG ingestion, inference, and retention. Reference standards: SIG 2024 update (Section P, Privacy), GDPR Articles 5, 25, 28, 32, HHS HIPAA Risk Analysis guidance, and ISO/IEC 27036 supplier information security.
- Q11. Is customer prompt or output data used for model training, either by your service or by the underlying model provider? Provide the relevant data processing addenda. (GDPR Article 28, SIG 2024 Section P)
- Q12. What data classes are permitted in prompts, and what mechanisms enforce that boundary? Reference any DLP controls at the prompt layer. (SIG 2024, the Areebi AI DLP primer)
- Q13. How is customer data segregated at training time, at fine-tuning time, and at inference time? Provide the tenancy model documentation. (CSA CCM v4.1, ISO/IEC 27036)
- Q14. What is your data retention policy for prompts, outputs, fine-tuning data, audit logs, and system logs? Provide the retention table. (GDPR Article 5, HHS HIPAA Risk Analysis)
- Q15. Can the customer require zero-retention on prompts and outputs by contract or configuration? (SIG 2024, GDPR Article 28)
- Q16. What is your data deletion process on contract termination, including any cached or derived data? Provide the deletion certificate template. (GDPR Article 17, ISO/IEC 27036)
- Q17. Where is data processed and stored at each stage of the pipeline, including any cross-border transfers? Provide the data residency map. (GDPR Chapter V, CSA CCM v4.1)
- Q18. What lawful basis applies to your processing of customer data for service operation, model improvement, and any analytics purposes? (GDPR Article 6)
- Q19. If protected health information (PHI) may be present, are you a willing HIPAA Business Associate, and will you execute a Business Associate Agreement? Provide your most recent HIPAA Risk Analysis summary. (HHS HIPAA Risk Analysis, the Areebi HIPAA compliance hub)
- Q20. How do you detect and respond to data leakage via prompt injection, model output, or retrieval augmentation pipelines? Reference your detection and response playbook. (NIST AI 600-1, the Areebi prompt injection deep dive)
Section 3: Security (Q21-Q30)
This section establishes the technical security controls protecting customer data and service availability. Reference standards: CSA Cloud Controls Matrix v4.1, NIST SP 800-161r1, SIG 2024 Section A, and ISO/IEC 27036.
- Q21. Do you maintain SOC 2 Type II certification with AI-relevant criteria mapped? Provide the most recent report, and reference the Areebi SOC 2 + AI workloads mapping for what is expected. (AICPA TSC)
- Q22. Do you maintain ISO/IEC 27001 certification, and is ISO/IEC 42001 (AI Management System) in your roadmap or already in place? (ISO 27001, ISO 42001)
- Q23. Provide your latest penetration test summary, including any AI-specific testing of the prompt and model layer. Reference the Areebi AI red teaming guide for what an AI penetration test should cover. (NIST SP 800-161r1, CSA CCM v4.1)
- Q24. What is your encryption posture for data in transit, data at rest, and any cache or derived data layers? Provide the cryptographic catalogue. (CSA CCM v4.1, NIST SP 800-161r1)
- Q25. What identity and access controls govern customer access, support access, and developer access to customer data? Reference the privileged-access workflow. (CSA CCM v4.1, the Areebi AI firewall primer for the runtime control surface)
- Q26. How do you detect and respond to prompt injection and jailbreak attempts targeting customer prompts or outputs? Provide detection rule samples. (NIST AI 600-1, the Areebi prompt injection prevention guide)
- Q27. How do you mitigate model supply-chain risk, including malicious models on public hubs, poisoned training data, and compromised inference dependencies? Reference the Areebi model supply chain security guide and the AI supply chain security primer. (NIST SP 800-161r1)
- Q28. What is your secrets management posture for API keys, fine-tuning credentials, and any tool-call authentications used by agentic features? (CSA CCM v4.1)
- Q29. What is your vulnerability management cadence, including patch SLAs for the model serving stack and any open-source model components? Provide the SLA table. (CSA CCM v4.1, NIST SP 800-161r1)
- Q30. How is the audit log captured for security events, AI interactions, and policy enforcement? Provide a sample log entry showing the fields collected. (NIST AI 600-1, the Areebi AI audit primer and audit log overview)
Section 4: Compliance and audit (Q31-Q40)
This section establishes how the vendor positions against applicable regulations and how the customer can obtain audit evidence. Reference standards: SIG 2024 Section N (Compliance), EU AI Act, GDPR, ISO/IEC 42001, HHS HIPAA Risk Analysis guidance.
- Q31. List every applicable regulation you are bound by directly (as a data processor, service provider, or in your own right). Include EU AI Act, GDPR, DORA, HIPAA, sectoral and jurisdictional regimes. (SIG 2024 Section N, the Areebi AI compliance landscape)
- Q32. What is your EU AI Act classification for the use case the customer is purchasing? Provide your reasoning and any relevant conformity assessment status. (EU AI Act, the Areebi EU AI Act compliance guide and the EU AI Act readiness checker)
- Q33. What audit rights does the customer have under your standard contract? Reference the audit clause language. (GDPR Article 28, DORA Article 30, ISO/IEC 27036)
- Q34. Can the customer or the customer's auditors inspect your AI controls on site, virtually, or via attestation? Specify the conditions. (SIG 2024, ISO/IEC 27036)
- Q35. Provide the most recent independent assessment of your AI controls (third-party AI audit, ISO 42001 surveillance report, AI red team summary, or equivalent). (ISO 42001, NIST AI 600-1, the Areebi ISO 42001 12-month roadmap)
- Q36. Do you participate in continuous attestation programmes (FedRAMP, StateRAMP, CRI Profile, sectoral) relevant to the customer? (NIST SP 800-161r1, the Areebi FedRAMP 20x impact on AI vendors)
- Q37. What is your incident notification timeline for security incidents, privacy breaches, and AI-specific incidents (model misbehaviour, agentic action errors)? Reference the timeline against DORA Article 17 (4-hour initial, 72-hour intermediate, 1-month final), GDPR Article 33 (72-hour), HIPAA Breach Notification Rule (60-day), and the Areebi AI incident response runbook. (DORA, GDPR, HIPAA)
- Q38. What is your evidence retention for compliance-relevant artefacts (audit logs, policy versions, training records, vendor risk assessments)? Provide the retention table. (SIG 2024 Section N, ISO/IEC 27036)
- Q39. How do you support customer regulator inquiries, including production of artefacts within regulator-imposed timelines? (GDPR Article 28, DORA Article 30)
- Q40. Provide your AI bill of materials (AIBOM) for the service the customer is purchasing. Reference the Areebi AIBOM playbook. (NIST AI 600-1, NIST SP 800-161r1)
Section 5: Operational (Q41-Q50)
This section establishes how the service operates day-to-day, including availability, performance, incident response, and observability. Reference standards: SIG 2024 Section O (Operations), CSA CCM v4.1, ISO/IEC 27036, NIST AI 600-1 Manage function.
- Q41. What is your service availability SLA for the AI service, including any model-specific SLAs and exclusions? Provide the SLA table. (SIG 2024 Section O)
- Q42. What is your business continuity and disaster recovery posture for the AI service, including model fallback in the event of a foundation model provider outage? (CSA CCM v4.1, the Areebi open source versus proprietary LLM analysis for the fallback architecture)
- Q43. How do you monitor model performance over time, including drift detection, output toxicity, and hallucination rate? Reference the Areebi AI agent monitoring guide and the model drift primer. (NIST AI 600-1 Manage function)
- Q44. What observability does the customer get over their own usage, including per-interaction logs, policy enforcement events, and performance metrics? Reference the Areebi AI observability primer. (SIG 2024 Section O, NIST AI 600-1)
- Q45. How are rate limiting and abuse prevention handled, including measures against credential abuse and runaway agentic loops? Reference the Areebi AI rate limiting primer. (CSA CCM v4.1)
- Q46. What is your support response time for incidents affecting the customer, broken down by severity tier? Provide the support matrix. (SIG 2024 Section O)
- Q47. What is your status page and notification posture for service-affecting events? Provide the public URL. (CSA CCM v4.1)
- Q48. How do you handle model deprecation with customer notification, migration period, and any service guarantees during the transition? (NIST AI 600-1)
- Q49. What is your change management process for material changes to the service, including model swaps, prompt-template changes, and policy default changes? (SIG 2024, CSA CCM v4.1)
- Q50. How do you measure and report on customer trust signals (CSAT, NPS, support tickets per customer)? Provide the most recent trust report. (SIG 2024 Section O)
Section 6: Contractual (Q51-Q60)
The final section translates the operational answers into contractual obligations that survive the procurement cycle. Reference standards: GDPR Article 28, DORA Article 30, ISO/IEC 27036, EU AI Act, SIG 2024 Section L (Legal).
- Q51. Will you sign the customer's data processing addendum incorporating GDPR Article 28 mandatory clauses without material modification? (GDPR Article 28)
- Q52. Do your contracts include the DORA Article 30 mandatory provisions for EU financial entity customers? Reference the Areebi DORA + AI guide. (DORA Article 30)
- Q53. Do you accept the customer's right to audit, including any successor right held by the customer's regulator? Reference the audit cooperation clause. (GDPR Article 28, DORA Article 30)
- Q54. What is your liability cap structure for security incidents, privacy breaches, and AI-specific incidents (including hallucination-caused harms, agentic system errors, deepfake-aided fraud)? (SIG 2024 Section L, the Areebi cyber insurance + AI piece)
- Q55. What insurance coverage do you carry for the customer's potential exposure, including AI-specific endorsements? Provide certificates. (SIG 2024 Section L)
- Q56. What is your indemnification posture for IP claims arising from model output (training data IP, generated output IP, deepfake claims)? Provide the indemnification clause. (SIG 2024 Section L)
- Q57. What termination rights does the customer have on material change of service (model swap, capability removal, change of subprocessor)? Reference the change-of-service clause. (DORA Article 30, ISO/IEC 27036)
- Q58. What exit assistance do you provide on termination, including data export, model state, and fine-tuning artefacts? Provide the exit playbook. (DORA Article 30, ISO/IEC 27036)
- Q59. What is your subcontracting consent posture, including notification timelines for changes in the subprocessor list? Reference the subprocessor clause. (GDPR Article 28, DORA Article 30)
- Q60. What is your dispute resolution and governing law posture, including any AI-specific arbitration or mediation provisions? (SIG 2024 Section L)
Scoring the answers and reaching a decision
The 60 questions above are an evidence-collection exercise; the decision still requires a scoring rubric. The Areebi AI vendor risk score tool takes the answers, applies category weights tuned to the customer's data classes and sector, and outputs a composite score with category-level breakdowns and remediation recommendations.
Recommended scoring discipline:
- Per-question scoring on three dimensions: evidence quality (was an artefact produced, or only a claim), control maturity (is the control operating today versus planned), and contract enforceability (is the answer reflected in the contract clauses on offer).
- Section-level weights tuned to the use case. For a healthcare customer purchasing a clinical AI workflow, section 2 (data governance) and section 4 (compliance and audit) carry disproportionate weight; the Areebi HIPAA clinical AI playbook covers the sectoral specifics. For a financial-services customer in the EU, section 4 (compliance and audit) and section 6 (contractual) carry the DORA weight.
- Veto items. Some questions are veto items - a "no" disqualifies regardless of the composite score. Common veto items: refusal to sign GDPR Article 28 DPA, refusal to commit to zero-retention, refusal to disclose the foundation model provider, refusal of customer audit rights.
- Score banding. Map the composite score to action bands - approve, approve with conditions, escalate to AI Governance Committee, decline.
- Document the decision. Whichever band the score lands in, the rationale should be documented in the vendor risk register with the named approver, the date, and the next review date. The Areebi 1-year retrospective section 5 (vendor performance) builds on this register at the annual mark.
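The scoring discipline above, worked through as an added example (this is illustrative code written for this page, not the Areebi AI vendor risk score tool): per-question scoring on the three dimensions, section weights tuned to the use case, veto items, banding, and renormalisation of weights when a tiered questionnaire leaves whole sections unanswered. The weight values, band thresholds, the mapping of veto items to question numbers, and the sample vendor answers are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Answer:
    """One vendor answer, scored on the three dimensions named in the text."""
    question: int              # Q1..Q60, numbered as in the template
    evidence: int              # 0 claim only, 1 partial artefact, 2 artefact produced
    maturity: int              # 0 planned, 1 partially operating, 2 operating today
    enforceable: int           # 0 not in contract, 1 side letter, 2 in the clauses on offer
    answered_yes: bool = True  # a "no" on a veto question disqualifies outright


# Veto items named in the text, mapped to question numbers (assumed mapping):
# foundation model disclosure (Q1), zero-retention (Q15), audit rights (Q33, Q53),
# GDPR Article 28 DPA (Q51).
VETO_QUESTIONS = {1, 15, 33, 51, 53}

# Section weights per use case. Values are assumptions; they follow the text's
# guidance on which sections carry disproportionate weight for each sector.
SECTION_WEIGHTS = {
    "default": {s: 1 / 6 for s in range(1, 7)},
    "healthcare-clinical": {1: 0.10, 2: 0.30, 3: 0.15, 4: 0.25, 5: 0.10, 6: 0.10},
    "eu-financial-services": {1: 0.10, 2: 0.15, 3: 0.15, 4: 0.25, 5: 0.10, 6: 0.25},
}

# Composite-score floors (assumed values) for the four action bands, checked top-down.
BANDS = [
    (85, "approve"),
    (70, "approve with conditions"),
    (50, "escalate to AI Governance Committee"),
    (0, "decline"),
]


def section_of(question: int) -> int:
    """Q1-Q10 -> section 1, ..., Q51-Q60 -> section 6."""
    if not 1 <= question <= 60:
        raise ValueError(f"question {question} is outside Q1-Q60")
    return (question - 1) // 10 + 1


def question_score(a: Answer) -> float:
    """0-100. The dimensions weigh equally, so a bare 'yes' with no artefact scores 0."""
    for dim in (a.evidence, a.maturity, a.enforceable):
        if dim not in (0, 1, 2):
            raise ValueError("each dimension is scored 0, 1 or 2")
    return (a.evidence + a.maturity + a.enforceable) / 6 * 100


def score_vendor(answers, use_case="default"):
    """Composite score, per-section breakdown, veto list and action band."""
    if not answers:
        raise ValueError("no answers to score")
    weights = SECTION_WEIGHTS[use_case]
    vetoed = sorted(a.question for a in answers
                    if a.question in VETO_QUESTIONS and not a.answered_yes)
    per_section = {}
    for a in answers:
        per_section.setdefault(section_of(a.question), []).append(question_score(a))
    section_scores = {s: sum(v) / len(v) for s, v in per_section.items()}
    # A tiered questionnaire omits whole sections; renormalise the weights over the
    # sections actually answered so a 20-question subset is not penalised for silence.
    total_weight = sum(weights[s] for s in section_scores)
    composite = sum(weights[s] * v for s, v in section_scores.items()) / total_weight
    band = "decline" if vetoed else next(name for floor, name in BANDS if composite >= floor)
    return {
        "composite": round(composite, 1),
        "sections": {s: round(v, 1) for s, v in sorted(section_scores.items())},
        "vetoed": vetoed,
        "band": band,
    }


def sample_answers(refuse_zero_retention=False):
    """Constructed answers for a hypothetical clinical AI vendor on a tiered subset."""
    return [
        Answer(1, 2, 2, 2),   # model provider named and fixed in the contract
        Answer(15, 2, 2, 1, answered_yes=not refuse_zero_retention),
        Answer(19, 1, 2, 2),  # BAA executed, risk analysis summary only partial
        Answer(21, 2, 2, 0),  # SOC 2 Type II report produced, no contractual hook
        Answer(30, 1, 1, 0),  # audit log sample incomplete, no retention commitment
        Answer(35, 0, 0, 0),  # independent AI assessment: claim only, fails the question
        Answer(51, 2, 2, 2),  # DPA signed without material modification
        Answer(53, 2, 1, 2),  # audit cooperation clause in place, regulator successor right pending
    ]


if __name__ == "__main__":
    print(score_vendor(sample_answers(), "healthcare-clinical"))
    print(score_vendor(sample_answers(refuse_zero_retention=True), "healthcare-clinical"))
```

The second call shows the veto rule in action: the composite is unchanged, but a "no" on zero-retention forces the decline band regardless of the score.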
Common pitfalls
Pitfall 1: Sending the same questionnaire to every vendor. A 60-question questionnaire to a low-risk vendor wastes both sides' time and produces low-quality answers. Tier the questionnaire by data class, criticality, and regulatory exposure. The Areebi AI vendor risk primer covers the tiering methodology.
Pitfall 2: Accepting claims without artefacts. "Yes we encrypt at rest" is not evidence; the cryptographic catalogue is. The questionnaire is most valuable as an evidence-collection forcing function, not as a yes/no checklist.
Pitfall 3: Scoring once and never re-scoring. Vendor posture changes - foundation models swap, subprocessors change, certifications lapse or are added. Re-score annually at minimum, plus event-driven re-scoring for material changes. The build vs buy piece touches on the re-scoring discipline.
Pitfall 4: Ignoring AI features in non-AI SaaS. The questionnaire should apply to AI features quietly enabled inside existing SaaS contracts, not just to net-new AI vendor procurements. The 90-minute shadow AI hunt playbook covers the discovery posture.
Pitfall 5: Treating contract terms as separate from the questionnaire. Section 6 (contractual) is the section that converts answers into enforceable obligations. A strong score in sections 1-5 with weak contract clauses in section 6 leaves the customer exposed at the moment of an incident.
How Areebi supports the VRQ process
Areebi's vendor inventory, risk scoring, and audit log capabilities are designed to make the questionnaire a recurring discipline rather than a one-off submission.
Vendor inventory. The Areebi platform reconciles procurement-side vendor records with the runtime vendor footprint - catching AI features quietly enabled inside non-AI SaaS that procurement would otherwise miss.
AI vendor risk score tool. The vendor risk score tool is the scoring rubric for the answers above. It applies category weights, scores against the source standards cited per question, and outputs a composite score plus remediation recommendations. Several customers use the tool's output as the cover sheet for the vendor risk register entry.
Per-interaction audit log. The Areebi audit log captures the operational record that backs up the answers vendors give to questions like Q30 (audit log fields), Q43 (model performance monitoring), and Q44 (customer observability). Customers using the audit log can verify vendor claims against their own usage telemetry.
DLP and policy engine. The Areebi DLP layer and policy engine enforce the data-class boundaries that Section 2 of the questionnaire describes - regardless of the vendor's posture - so that data leakage exposure can be capped at the customer's perimeter even if a vendor's controls are weaker than the customer would prefer.
For comprehensive evidence collection, the Areebi AI Governance Assessment packages the customer's own evidence in the same shape vendors are expected to provide - which both speeds up the customer's own answers to other customers' questionnaires and grounds the customer's evaluation of vendor responses.
What to read next
From questionnaire to operating discipline, this cluster is the natural path.
- AI vendor risk score tool - the scoring rubric for the answers collected via this questionnaire.
- AI Control Plane RFP template - the companion artefact when the buyer is selecting a control plane.
- Cyber insurance + AI exclusions - the underwriting counterpart to the same evidence library.
- 1-year AI governance retrospective - the annual rhythm that revisits vendor scores in aggregate.
- AIBOM playbook - the artefact behind Q40.
Frequently Asked Questions
Does the questionnaire apply to AI features inside existing SaaS, or only to net-new AI vendors?
Both. AI features quietly enabled inside non-AI SaaS - meeting transcription add-ons, sales intelligence integrations, support copilots, productivity assistants - are the single most common gap in the procurement-side vendor inventory. The questionnaire should be applied at the moment the AI capability becomes material, not only at original procurement. The Areebi shadow AI discovery telemetry is designed to flag these moments.
How long does it typically take a vendor to complete the 60-question template?
A mature AI vendor with a well-maintained trust portal typically returns answers in 5-10 working days. A less mature vendor may take 4-6 weeks, particularly if subprocessor documentation, AIBOM, and audit log samples need to be assembled for the first time. Customers who include the questionnaire in the RFP rather than waiting until post-award routinely shorten the cycle.
Should the questionnaire apply differently for low-risk versus high-risk vendors?
Yes. Tier the questionnaire by data class (regulated, sensitive, public), use case criticality, agentic capability, and regulatory exposure. A low-risk vendor with limited data scope may only need a 15-20 question subset; a high-risk vendor handling regulated data with agentic capabilities should answer all 60 plus sector-specific extensions. The Areebi AI vendor risk primer covers the tiering methodology in detail.
Where does the questionnaire intersect with SOC 2 and ISO 42001 evidence?
Several questions (Q21, Q22, Q35) explicitly reference SOC 2 Type II and ISO 42001 evidence. The questionnaire treats those reports as inputs rather than substitutes - the certification matters, but the AI-specific questions go beyond what a standard SOC 2 examines. Vendors with strong SOC 2 and ISO 42001 posture typically score well on Sections 3 and 4, but still need to provide specific AI evidence for Sections 1, 2, 5, and 6.
Can the customer use the questionnaire as the basis for a vendor's contract?
Section 6 (contractual) is engineered specifically for that purpose. The Section 6 answers should be reflected in the executed contract. Customers who run the questionnaire as a procurement-only exercise without converting Section 6 into contract clauses leave the most important protections unenforced. The contractual conversion is what turns a strong score into a defensible position at the moment of an incident.
Do regulators expect to see the questionnaire as evidence?
Several regulators have indicated that documented vendor risk assessment processes are expected as part of an AI governance program (the EU AI Act risk management system, ISO 42001 management review, DORA third-party risk regime, HIPAA risk analysis). The questionnaire itself is not the artefact regulators ask for - the completed responses, the scoring decision, and the contract clauses derived from the responses are. The Areebi 1-year retrospective template includes the vendor section that ties this discipline into the broader management-review record.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.