Vendor Due Diligence

Assessment

Detailed Explanation

Vendor due diligence is the structured investigation of an AI vendor's or partner's capabilities, security practices, data handling procedures, compliance posture, financial stability, support quality, and contractual terms before entering a business relationship or deploying their technology. For AI vendors specifically, due diligence must cover model provenance, training data legality, bias testing practices, intellectual property encumbrances, performance guarantees, and the vendor's own AI governance maturity. For organizations, inadequate vendor due diligence can result in deploying AI systems that carry hidden risks the organization inherits but did not knowingly accept. In COMPEL, vendor due diligence is part of the third-party and supply chain AI governance covered in Module 3.4, Article 6, and the vendor ecosystem operating integration of Module 4.4, Article 8.

Why It Matters

Understanding Vendor Due Diligence is essential for organizations pursuing responsible AI transformation. In the context of enterprise AI governance, this concept directly impacts how organizations design, deploy, and oversee AI systems, particularly within the Governance pillar. Without a clear grasp of Vendor Due Diligence, organizations risk creating governance gaps that undermine trust, compliance, and long-term value realization. For AI leaders and practitioners, Vendor Due Diligence provides the conceptual foundation needed to make informed decisions about AI strategy, risk management, and stakeholder engagement. As regulatory frameworks such as the EU AI Act and standards like ISO 42001 mature, proficiency in concepts like Vendor Due Diligence becomes not merely advantageous but operationally necessary for any organization deploying AI at scale.

COMPEL-Specific Usage

Assessment concepts underpin the evidence-based approach of the COMPEL framework. The Calibrate stage uses assessment methodologies to establish baselines, while the Evaluate stage applies them to measure progress. COMPEL mandates that every governance decision be grounded in assessment data, not assumptions, ensuring transformation roadmaps address verified gaps. The concept of Vendor Due Diligence is most directly applied during the Calibrate and Evaluate stages of the COMPEL operating cycle. Practitioners preparing for COMPEL certification will encounter Vendor Due Diligence in coursework aligned with the Governance pillar, and should be prepared to demonstrate applied understanding during assessment activities.

Related Standards & Frameworks

  • ISO/IEC 42001:2023 Clause 9.1 (Monitoring and Measurement)
  • NIST AI RMF MEASURE function