Why it matters

Vendor risk shapes overall risk. LLM vendors have unique concerns (data use, training).

Advertisement

The architecture

Assessment: SOC 2 + questionnaire + DPA + reference checks.

Vendor assessmentSOC 2 + auditsthird-party attestQuestionnairecustom questionsDPA + BAAcontractsLLM-specific: training data use, deletion, isolation between customers
Vendor risk.
Advertisement

How it works end to end

SOC 2 Type II: annual audit.

Data processing agreement.

LLM-specific: training data use, deletion, isolation.

Incident history.