Sample preview

Buyer questionnaire export

Buyer: Northwind Bank · Request: AI and Security Due Diligence

Buyer question	Draft answer	Evidence links	Confidence	Owner	Review status	Missing proof
Do you use AI to process candidate data?	Yes. AcmeHR uses AI to summarize CVs and rank candidates for recruiter review.	Product spec, DPIA draft	Medium confidence	CTO	Needs review	Human oversight approval
Do you use automated decision-making in hiring workflows?	No final hiring decision is fully automated; recruiters remain responsible for decisions.	Human Oversight Procedure	Medium confidence	Legal	Needs review	Legal approval
Do you disclose AI chatbot usage to customers?	Yes. The support chatbot disclosure is approved for buyer sharing.	Chatbot Disclosure Copy	High confidence	Customer Success Lead	Approved	No missing proof
Do you maintain a list of AI subprocessors?	Yes. OpenAI and Intercom are tracked as AI subprocessors for relevant features.	OpenAI Vendor Review	Medium confidence	Legal	Drafted	Subprocessor page review
Do you have a vulnerability disclosure process?	A vulnerability disclosure policy is maintained for AcmeHR API.	Vulnerability Disclosure Policy	Low confidence	Security	Missing proof	Public policy URL
Can you provide a DPIA for AI-assisted CV processing?	A DPIA draft exists and requires legal review before sharing.	DPIA Draft for CV Summarization	Medium confidence	Head of Product	Needs review	Legal approval
Do you have human oversight for high-impact AI outputs?	Recruiters review AI-assisted outputs before customer-impacting decisions.	Human Oversight Procedure	Medium confidence	CTO	Drafted	Owner sign-off
Can you provide evidence of model evaluation?	Model evaluation notes are mapped but need final review before sharing.	Model Evaluation Notes	Medium confidence	CTO	Needs review	Bias testing report