AAISM · Question #124
An organization is looking to purchase an AI application from a vendor but is concerned about the security of its data. Which of the following is the MOST effective way to address this concern?
The correct answer is C. Ensure vendors disclose how the application uses the organization's data. Ensuring vendors explicitly disclose how they collect, process, store, and share the organization's data gives the organization concrete, actionable information to evaluate data security posture and negotiate protective contractual terms. This goes beyond surface-level assurance.
Question
An organization is looking to purchase an AI application from a vendor but is concerned about the security of its data. Which of the following is the MOST effective way to address this concern?
Options
- AMandate an AI security audit by an external auditor before procurement
- BInitiate discussions between the organization's and the vendor's legal teams
- CEnsure vendors disclose how the application uses the organization's data
- DAssess the vendor's publicly available AI usage policy
How the community answered
(54 responses)- A9% (5)
- B4% (2)
- C70% (38)
- D17% (9)
Explanation
Ensuring vendors explicitly disclose how they collect, process, store, and share the organization's data gives the organization concrete, actionable information to evaluate data security posture and negotiate protective contractual terms. This goes beyond surface-level assurance. Option A (external audit) is useful but typically occurs post-procurement and depends on vendor cooperation. Option B (legal discussions) addresses liability and contracts but does not directly reveal data handling practices. Option D (public policy review) reflects what a vendor chooses to publish, which may be incomplete or aspirational rather than operationally accurate.
Topics
Community Discussion
No community discussion yet for this question.