Before any third-party AI tool goes into your stack, run it through this 4-category risk matrix. The assessment takes 60-90 minutes and produces a total score that drives a clear decision: approve with standard controls, approve with conditions and escalating sign-off as the score rises, or reject.
How to Use This Template
Complete one form per AI tool. Fill in the information fields, score every question 1, 3 or 5, normalize each category to a 1-5 score, total the four category scores, and apply the decision rule. File the completed form in your AI tool register.
Tool being assessed:
- Tool name and vendor:
- Tool version / API version:
- Requestor name and department:
- Assessment date:
- Proposed use case (what problem it solves, who uses it):
- Data types it will access:
- Systems it will connect to:
Category 1: Data Risk
Score the data exposure this tool creates.
| Question | Score 1 (low) | Score 3 (medium) | Score 5 (high) |
|---|---|---|---|
| What types of data will the tool access? | Non-personal, non-sensitive (product data, anonymized analytics) | Employee data, internal business data | Personal data of customers or EU residents; sensitive data (health, financial) |
| Does the tool train on your data? | No; opted out by default and confirmed in the contract | Opt-out available but not the default | Yes; trains on your data by default |
| Where is data processed and stored? | Your region; no international transfer | US or EU only; transfer covered by an adequacy decision | Third country without an adequacy decision, or location unclear |
| Does the tool's DPA cover this data? | Full DPA signed, covers all use cases | DPA exists, partial coverage | No DPA; click-through terms only |
Category 1 Data Risk Score: _____ / 20
Normalize to 1-5: Divide by 4 → _____ (round to the nearest integer; halves round up, so 6 → 2 and 10 → 3)
Category 2: Access Risk
Score the access permissions this tool requires.
| Question | Score 1 (low) | Score 3 (medium) | Score 5 (high) |
|---|---|---|---|
| What system access does the tool require? | Read-only access to limited data | Read/write to internal systems | Admin access or broad API access to production systems |
| What is the blast radius if the tool is compromised? | Isolated; breach affects only the tool's data | Significant; breach affects a major system | Critical; breach affects customer data or core infrastructure |
| Are API keys or credentials shared with the vendor? | No; vendor never holds credentials | Temporary credentials; rotated regularly | Persistent credentials held by vendor |
| Is there an audit log of tool access? | Full audit log available | Partial logs available | No audit logging |
Category 2 Access Risk Score: _____ / 20
Normalize to 1-5: Divide by 4 → _____ (round to the nearest integer; halves round up, so 6 → 2 and 10 → 3)
Category 3: Vendor Risk
Score the vendor's security posture and business stability.
| Question | Score 1 (low) | Score 3 (medium) | Score 5 (high) |
|---|---|---|---|
| Security certifications | SOC 2 Type II or ISO 27001 certified | SOC 2 Type I or in-progress certification | No security certification |
| Breach or incident history | No known breaches in 3 years | Minor incidents, disclosed and remediated | Material breach in past 3 years; undisclosed incidents |
| Vendor stability | Established vendor; multiple years operating | Startup with funding; less than 2 years | Very early stage; unclear funding; acquisition target |
| Sub-processor disclosure | Full list published; change notification required | Partial list; some notification | Sub-processors not disclosed |
Category 3 Vendor Risk Score: _____ / 20
Normalize to 1-5: Divide by 4 → _____ (round to the nearest integer; halves round up, so 6 → 2 and 10 → 3)
Category 4: Regulatory Risk
Score the regulatory exposure this tool creates.
| Question | Score 1 (low) | Score 3 (medium) | Score 5 (high) |
|---|---|---|---|
| Does the tool's use case trigger GDPR Article 22? | No automated decisions affecting individuals | AI-assisted decisions; human in the loop | Fully automated decisions with significant effects |
| EU AI Act classification for this use case | Minimal risk (internal productivity only) | Limited risk (chatbot disclosure required) | High risk (Annex III domain: hiring, credit, education, etc.) |
| State law exposure (US) | No state-specific AI law applies | One or two state laws apply; manageable | Multiple state laws apply; automated employment decision tool (AEDT) notice required |
| Has a DPIA been completed (if required)? | Not required for this use case | Required (high-risk processing) and completed | Required; not yet completed |
Category 4 Regulatory Risk Score: _____ / 20
Normalize to 1-5: Divide by 4 → _____ (round to the nearest integer; halves round up, so 6 → 2 and 10 → 3)
Total Score and Decision
Category scores (each 1-5):
- Category 1 Data Risk: _____
- Category 2 Access Risk: _____
- Category 3 Vendor Risk: _____
- Category 4 Regulatory Risk: _____
Total: _____ / 20
| Score | Risk level | Decision |
|---|---|---|
| 4–8 | Low | Approve with standard controls |
| 9–12 | Medium | Approve; department head must sign risk acceptance |
| 13–16 | High | Executive approval required before deployment |
| 17–20 | Critical | Legal review required; consider rejecting; executive sign-off mandatory |
Decision: ☐ Approve ☐ Approve with conditions ☐ Reject
Approver name and title:
Conditions or required mitigations:
Review date (for tier-1 tools, annual):
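If you keep the AI tool register as data rather than paper forms, the scoring rule above is small enough to encode so that every form is totalled the same way. The script below is an added example, not part of the original template: it validates that each answer is 1, 3 or 5, normalizes each category with half-up rounding (the point where hand-calculated forms most often disagree, since 6/4 and 10/4 land exactly on .5), applies the decision bands, and also reports the worst category so that a total of 8 built from 5+1+1+1 is not waved through as "Low" without anyone noticing. The sample form and the category keys are constructed for illustration.

```python
"""Score one completed AI tool risk assessment form and apply the decision rule."""
from decimal import Decimal, ROUND_HALF_UP

ALLOWED_ANSWERS = {1, 3, 5}          # each question is scored 1 (low), 3 (medium) or 5 (high)
CATEGORIES = ("data", "access", "vendor", "regulatory")   # assumed keys for the four categories
QUESTIONS_PER_CATEGORY = 4

# Decision bands from the template's "Total Score and Decision" table.
DECISION_BANDS = (
    (4, 8, "Low", "Approve with standard controls"),
    (9, 12, "Medium", "Approve; department head must sign risk acceptance"),
    (13, 16, "High", "Executive approval required before deployment"),
    (17, 20, "Critical", "Legal review required; consider rejecting; executive sign-off mandatory"),
)


def normalize_category(answers):
    """Sum four 1/3/5 answers (range 4..20) and scale to 1..5.

    The template says "divide by 4, round to nearest integer". Because every
    answer is odd, the sum is always even and the quotient is either a whole
    number or ends in .5, so the rounding mode matters: this uses half-up
    (6/4 -> 2, 10/4 -> 3). Python's built-in round() uses banker's rounding
    and would return round(2.5) == 2.
    """
    if len(answers) != QUESTIONS_PER_CATEGORY:
        raise ValueError(f"expected {QUESTIONS_PER_CATEGORY} answers, got {len(answers)}")
    bad = [a for a in answers if a not in ALLOWED_ANSWERS]
    if bad:
        raise ValueError(f"answers must be 1, 3 or 5, got {bad}")
    scaled = Decimal(sum(answers)) / Decimal(QUESTIONS_PER_CATEGORY)
    return int(scaled.quantize(Decimal("1"), rounding=ROUND_HALF_UP))


def decide(total):
    """Map a 4..20 total of normalized category scores to (risk level, decision)."""
    for low, high, level, action in DECISION_BANDS:
        if low <= total <= high:
            return level, action
    raise ValueError(f"total {total} outside 4..20")


def assess(form):
    """form: {category: [four 1/3/5 answers]} -> scored result dict."""
    missing = [c for c in CATEGORIES if c not in form]
    if missing:
        raise ValueError(f"form is missing categories: {missing}")
    category_scores = {c: normalize_category(form[c]) for c in CATEGORIES}
    total = sum(category_scores.values())
    level, action = decide(total)
    # The total can mask one extreme category (5+1+1+1 = 8 is still "Low");
    # surface the worst category so the approver sees it alongside the band.
    worst = max(category_scores, key=category_scores.get)
    return {
        "category_scores": category_scores,
        "total": total,
        "risk_level": level,
        "decision": action,
        "worst_category": worst,
        "worst_category_score": category_scores[worst],
    }


# Constructed sample form (not from the page): a support-ticket summarizer
# that reads customer personal data, has read-only access, comes from a
# SOC 2 Type II vendor, and keeps a human in the loop on every decision.
SAMPLE_FORM = {
    "data": [5, 3, 1, 3],        # 12/4 = 3
    "access": [1, 1, 3, 1],      # 6/4 = 1.5 -> 2 (half-up)
    "vendor": [1, 3, 1, 1],      # 6/4 = 1.5 -> 2
    "regulatory": [3, 3, 1, 1],  # 8/4 = 2
}

if __name__ == "__main__":
    for key, value in assess(SAMPLE_FORM).items():
        print(f"{key}: {value}")
```

For the sample form this yields category scores 3/2/2/2, a total of 9 and a "Medium" decision, with "data" flagged as the worst category. Run it once against a few forms that were scored by hand; any disagreement is almost always the .5 rounding, and it is cheaper to settle the rule in writing than to have two reviewers land one band apart on the same tool.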
Standard Controls (Required for All Approved Tools)
Regardless of score, every approved third-party AI tool must have:
- DPA signed or confirmed — add to AI vendor DPA tracker
- Training opt-out enabled if available
- Tool added to AI tool register with named Tool Owner
- Employees who will use it notified of approved use policy
- Inclusion in quarterly shadow AI audit
Using This Template for Embedded AI
When a SaaS vendor adds an AI feature to a product you already use, the same assessment applies. Work through the four categories for the new AI feature specifically — your existing DPA may not cover the new processing, the training data policy may differ from the base product, and the regulatory classification may change.
For a vendor-by-vendor review of how major SaaS tools handle AI governance, see governing embedded AI in third-party tools. For the deeper due diligence process before signing with a new AI vendor, see the AI vendor due diligence checklist.
