Third-party management
Using Saidot, you will be able to:
Manage and evaluate AI third-party vendors, including AI models and system providers.
Ensure that responsibilities within the AI system lifecycle are allocated among the AI value chain actors.
Simplify and navigate third-party related information of an AI system, including models, evaluations and vendor terms.
Understand and manage third-party related risks.
Value chain accountability
The boom of generative AI, especially with foundational models like large language models (LLMs), has expanded the list of value chain actors in the AI ecosystem. This surge has led to a proliferation of entities leveraging these models to develop specialised applications, products, and services, thus democratising access to advanced AI capabilities. As a result, third-party developers, startups, and established companies are increasingly building upon these foundational models, accelerating innovation and customisation across various industries. The dependency on external parties for critical components of AI systems has intensified, making effective third-party management crucial for maintaining the integrity, security, and reliability of AI applications.
Third-party management necessitates that each value chain actor is accountable for their contributions and adheres to standards that ensure the overall integrity and performance of the AI system. It involves overseeing and coordinating with external entities that provide AI-related products, services, or data. This process is critical to ensuring the effective and ethical functioning of AI systems.
What is a third party in an AI context?
At Saidot, we categorise as a third-party vendor any external entity or organisation that provides a service or component integrated into the AI system but is not directly controlled or owned by the developers of the AI system. This includes providers of data for AI and external providers of models used in the AI system. We recognise that other service providers in a third-party context are loosely linked to the AI system without being directly connected to it. Our methodology nevertheless focuses on providers of data for AI and external model providers, because these elements are foundational to AI system development and operation.
Third-party risks
Our governance methodology, which is aligned with ISO 42001, focuses on ensuring that responsibilities in the AI system lifecycle are allocated among AI value chain actors in a way that supports effective risk management. Third-party suppliers introduce various risks, including but not limited to contractual confusion, data breaches, algorithmic bias, or non-compliance with regulations. Using Saidot, you can identify and mitigate these risks.
How we analyse this
The use of third-party suppliers raises questions about data ownership, intellectual property rights, and responsibility for the AI system’s outputs. Saidot supports you in simplifying and navigating this information as contained in the third-party vendor's Terms and Conditions.
Firstly, we establish whether your organisation has existing policies for using other systems and assets. This allows us to identify potential synergies and conflicts between your established practices and the requirements of the third-party AI model.
To ensure responsible and effective AI deployment, we initiate a comprehensive evaluation of the supplier's AI model. This evaluation rigorously assesses the model's adherence to established ethical guidelines, such as fairness, transparency, and accountability, as well as relevant regulatory compliance, including the EU AI Act and industry performance benchmarks. Our analysis is thoroughly documented in our model library, providing a transparent record of the model's capabilities and limitations.
Contractual agreements are meticulously reviewed to delineate clear responsibilities, data ownership, output ownership, and liability parameters, aligning with industry standards like ISO 42001. Recognising that terms can vary significantly based on jurisdiction and individual agreements, we strongly recommend that clients provide us with their specific supplier agreements or terms. This collaborative approach enables our platform to tailor a robust governance framework that addresses potential risks stemming from third-party vendor interactions and ensures data governance aligns with your unique needs and regulatory landscape.
The Saidot platform facilitates ongoing management of third-party risk sources by continuously monitoring updates to third-party vendor terms, ensuring alignment with your organisational goals and values.
Based on the ISO/IEC 42001:2023