Why it matters
Vendor risk shapes overall risk. LLM vendors have unique concerns (data use, training).
Advertisement
The architecture
Assessment: SOC 2 + questionnaire + DPA + reference checks.
Advertisement
How it works end to end
SOC 2 Type II: annual audit.
Data processing agreement.
LLM-specific: training data use, deletion, isolation.
Incident history.