AI Third-Party Risk Management: Vendor Assessment Checklist Australia
Most Australian businesses don’t build AI in-house; they buy it. They subscribe to ChatGPT, hire agencies to train models, contract vendors for customer service bots, or embed third-party APIs into applications. With that delegation comes risk. The OAIC, APRA, and ASIC all share a principle: if your vendor’s AI fails, your organisation is liable. You can’t outsource accountability. This guide provides a structured approach to assessing AI vendor risk and a 20-point due diligence checklist tailored to Australian regulatory expectations.
Why Third-Party AI Risk Is Often Overlooked
Vendors present themselves as specialists—their risk management, their liability, their oversight. But regulators see it differently. The Privacy Act 2024 holds *your* organisation accountable for personal information, regardless of who processes it. APRA CPS 230 (effective 2025) requires you to assess material service providers, including AI vendors, as if they were your own critical functions. ASIC expects you to understand and explain the AI systems influencing your customer advice or decisions. You can’t hide behind vendor responsibility; you own the consequences.
Core Risk Areas: What to Assess
Data Residency and Sovereignty: Where does your data live? If your vendor processes Australian personal information in the US, that data is subject to US surveillance laws (FISA Section 702). Australian regulators have flagged this. Ensure data processing and storage are in Australia or in jurisdictions with equivalent protections. Contractually prohibit unauthorised cross-border transfers.
Security Certifications and Controls: Does the vendor hold ISO 27001 (information security)? SOC 2 Type II? What about penetration testing and vulnerability disclosures? Request a security questionnaire (many vendors provide pre-signed templates). Look for evidence, not just claims. A vendor without third-party audits is a red flag.
Sub-Processor Chain Transparency: Your vendor uses another vendor, who uses another—it’s turtles all the way down. Privacy Act 2024 expects you to know and approve sub-processors. Request a list. If your vendor won’t provide transparency, that’s a dealbreaker. Can they commit to notify you of sub-processor changes within 30 days? Can you object or switch?
AI Training Data Usage: The October 2024 OAIC guidance flags this explicitly: how is your data used to train the vendor’s models? Are your inputs used to fine-tune a model that other customers access? Is your data fed into a public model? Insist on contractual language: your data is not used for training purposes, or it’s anonymised before use, or you have explicit opt-in consent. For sensitive sectors (health, finance, law), this is non-negotiable.
Incident Response and SLAs: If the vendor has a security breach or system outage, what’s their commitment to you? Response time? Notification timeline (Privacy Act requires you to notify within 30 days of discovering a breach)? Remediation? Service credits if they miss SLAs? Get it in writing.
Financial Stability: Is the vendor solvent? If they’re startup-funded, what’s their runway? If they’ve had layoffs, is the engineering team stable? A vendor that goes bust leaves you without recourse. Request recent financials or ask their bank/investors for stability signals. For material vendors, conduct quarterly financial health checks.
The 20-Point AI Vendor Due Diligence Checklist
Data and Privacy (5 items):
1. Vendor processes Australian personal information only in Australia or approved jurisdictions (certified by vendor legal opinion).
2. Vendor provides written commitment that customer data is not used to train third-party models without explicit consent.
3. Vendor lists all sub-processors in writing; commits to 30-day notice of changes; allows customer objection/termination rights.
4. Vendor has a published Privacy Policy aligned with Privacy Act 2024 and GDPR (or equivalent).
5. Vendor has conducted a Privacy Impact Assessment (PIA) and shares relevant findings with customers.
Security and Resilience (5 items):
6. Vendor holds ISO 27001 certification or equivalent (SOC 2 Type II acceptable as interim).
7. Vendor conducts annual third-party penetration testing with reports shared (under NDA if needed).
8. Vendor has a documented incident response plan; commits to breach notification within 24 hours.
9. Vendor maintains backups; has recovery time objective (RTO) and recovery point objective (RPO) documented for customer data.
10. Vendor provides an uptime SLA of 99.5% or higher; offers service credits for SLA breaches.
AI-Specific Controls (5 items):
11. Vendor has documented their AI model’s training data sources; commits to bias testing and mitigation.
12. Vendor can explain model decisions (explainability); for high-risk AI, provides feature importance or rationale outputs.
13. Vendor monitors model performance in production; commits to alerting customers of material drift or accuracy degradation.
14. Vendor has a governance framework for AI changes (e.g., model updates); notifies customers and allows testing before forcing upgrades.
15. Vendor can provide audit trails of customer interactions and of decisions made by their AI system for compliance review.
Financial and Legal (5 items):
16. Vendor provides proof of financial stability (recent financials, investor backing, or bond insurance).
17. Vendor indemnifies you against claims that their AI system infringes third-party intellectual property.
18. Vendor’s contract includes liability caps appropriate to the risk (e.g., multiples of annual fees, or uncapped for data breaches/IP infringement).
19. Vendor commits to continue service for a defined notice period if they exit the market; shares customer data in a portable format on exit.
20. Vendor’s contract permits your independent audits and regulatory access for compliance investigations.
Contract Protections You Must Insist On
Data Processing Agreement: If the vendor processes personal information on your behalf, you must have a Data Processing Agreement (DPA) under Privacy Act 2024 principles. Specify: scope of data processed, purpose, duration, vendor obligations, sub-processor management, breach notification, data subject rights, audit rights, and termination clauses.
AI-Specific Addendum: Beyond a standard DPA, your AI vendor contract needs clarity on: training data usage, model explainability commitments, performance monitoring and SLAs, change control for model updates, testing rights pre-deployment, and liability for algorithmic failures.
Incident Response and Escalation: Define severity levels (e.g., data breach, service outage, model failure). Specify notification timeframes, escalation paths, and your authority to suspend or terminate if incident response is inadequate.
Audit and Right to Inspect: Reserve the right to audit the vendor’s controls, review security assessments, and inspect their AI governance. Many vendors resist; insist anyway. Frame it as mutual benefit: you’re not looking to punish; you’re managing your regulatory obligations.
Ongoing Monitoring and Review Cadence
First assessment happens before contract signature. Then: annual refresh (minimum) on all material vendors, quarterly health checks on high-risk vendors (e.g., those handling sensitive data or powering critical decisions), incident-triggered reviews if the vendor has a breach or outage, and continuous scanning for regulatory changes that affect vendor expectations (e.g., new Privacy Act guidance). Assign a vendor manager accountable for these reviews. Build it into your risk register: each vendor is a potential risk entry, monitored and escalated as needed.
Frequently Asked Questions
Q: Can we use a vendor without a DPA?
A: Not if they’re processing personal information. Privacy Act 2024 makes it mandatory. If a vendor refuses, they’re not Privacy Act compliant—find another. Some vendors (e.g., ChatGPT for public use) argue the customer is the data controller, so no DPA is needed. But if you’re processing customer data in ChatGPT (even for non-training purposes), a DPA clarifies obligations. Get legal advice for your specific use case.
Q: What if we can’t get all 20 items from a vendor?
A: Prioritise based on risk. For vendors handling personal information or influencing material decisions, items 1–5, 6–8, 11–13, and 16–20 are non-negotiable. For non-sensitive uses (e.g., internal analytics on anonymised data), you can accept gaps. Document your risk acceptance: why did we proceed despite incomplete due diligence? Board approval helps.
Q: How often do we need to re-assess vendors?
A: Annual refresh minimum. Quarterly for vendors handling sensitive data or critical functions. More often if regulations change or incidents occur. Assign this to a vendor manager; the workload scales with vendor count and warrants dedicated ownership once you have 5+ vendors.
Q: What if a vendor is acquired or restructured?
A: Treat it as a major change. Request updated documentation: new owner’s policies, security certifications, sub-processor changes, financial stability under new ownership. You may have termination rights in the contract if ownership changes materially. Review your contract’s change-of-control clause.
Call to Action
Vendor due diligence is demanding but non-negotiable. If you’re assessing vendors for the first time or renewing contracts with existing vendors, contact Anitech for a guided vendor risk assessment, or book a consultation to review your current vendor contracts and identify gaps. We’ll help you build a vendor risk register and monitoring cadence that satisfies APRA, Privacy Commissioner, and ASIC expectations.
