A procurement question set for testing provider claims about data use, retention, access, location, changes and incident response.
IF useful → CHECK boundary → HUMAN decision
Describe the proposed data flow before reading assurances
Checkpoint detail
Draw the route from the business system or user to the AI service, including connectors, subprocessors, logs, support access and the returned output. List categories rather than samples and mark prohibited material. Note who decides the purpose, who supplies each service and where outputs are stored afterwards. A security page or badge cannot answer whether the proposed configuration fits this particular flow. Ask the vendor to respond for the named product tier, region, features and contract version because consumer and business offerings, optional connectors and administrative controls may have materially different terms.
Clarify location, subprocessors and access control
Checkpoint detail
Identify processing and storage locations, international transfer arrangements where relevant, and the current subprocessor list with change notification. Ask what customer administrators can control: single sign-on, multi-factor authentication, roles, workspace separation, sharing, connector permissions, audit events and support access. Consider whether the smallest pilot can run without connectors or personal data. Vendor answers inform due diligence but do not themselves determine UK GDPR compliance or security suitability. Specialist advice may be required where the information, sector or downstream decision creates higher consequences.
Convert responses into conditions, gaps and a decision
Checkpoint detail
For each question, record evidence, contract location, owner and whether the answer is acceptable, requires a configuration, needs specialist review or remains unresolved. Do not average an unresolved prohibited-data issue against several good answers. Conditions should be testable, such as disabling training use, restricting accounts, excluding connectors and using synthetic material. Set a review date and stop conditions. The outcome may be manual work, a low-sensitivity assistive use, a bounded pilot or no use. This worksheet supports procurement and governance discussion; it is not legal advice, certification or a guarantee of vendor behaviour.
Ask how inputs and outputs are used and retained
Checkpoint detail
Request a clear answer on whether prompts, uploaded material, metadata, outputs or feedback are used to train or improve models, and whether this is disabled by contract, setting or account type. Ask for default and configurable retention periods, backup handling and deletion mechanics. Establish what remains after account closure and how deletion requests are verified. Terms such as ‘not used for training’ do not necessarily mean no logging or retention. Record exact documentation links and dates. If the answer depends on a toggle, name the administrator who will verify it before testing and after material updates.
Test deletion, incidents and service changes
Checkpoint detail
Ask how the provider detects and communicates security or privacy incidents, what information a customer receives and through which contact route. Establish export and deletion options, model or feature change notices, availability commitments if operationally important, and the process for objecting to amended terms. A workflow can become unsuitable when a default, model, connector or subprocessor changes even if its name stays the same. Assign an internal owner to review notices and pause use. For a pilot, practise removing test material and revoking access rather than assuming the documented control works as expected.
Practical vendor-question-register
AI supplier evidence register
Record answers for the exact product, tier, region and contract proposed; retain unresolved red flags individually.