RT AI TOOLKIT

Section 3/5: Vendor Risk Issues

Your organisation may be engaging vendors when licensing off-the-shelf AI Systems from them. This section does not apply when your organisation engages developers to jointly develop bespoke AI Systems. The complexities and legal risks arising from such collaborative arrangements would be much higher.

Are your organisation’s contracts with vendors comprehensive in covering the ownership and rights over the data input into the AI Systems?

 
 
 
 
 

Are your organisation’s contracts with vendors comprehensive in covering the following issues regarding the data input into the AI Systems?

a) Contractual liability; and
b) Data protection/privacy?

 
 
 
 
 

Are your organisation’s contracts with vendors comprehensive in covering ownership and rights over the output generated by the AI Systems?

 
 
 
 
 

Are your organisation’s contracts with vendors comprehensive in covering the following issues regarding the output generated by the AI Systems?

a) Contractual liability; and
b) Data protection/privacy?

 
 
 
 
 

Is the acceptable use policy to which the organisation is subject aligned with the organisation’s business requirements?

 
 
 
 
 

Are your organisation’s contracts with vendors comprehensive in covering the cyber security posture of the AI Systems?

 
 
 
 
 

Do your organisation’s contracts with its vendors stipulate for the parties’ compliance with the Data Privacy Act and its implementing rules and regulations? 

 
 
 
 
 

In the event of any data sharing between your organisation and your vendor/s using AI Systems, is such data sharing covered by a data sharing agreement or any similar document?

 
 
 
 
 

Does your organisation have policies and procedures on the exercise of data subject rights in connection with the processing of their personal data using AI Systems?

 
 
 
 
 

Question 1 of 9