Available Now

Know the risk of every
AI vendor you use.

Most companies adopt AI vendors the same way they adopt any SaaS — without a governance process. We build you a structured scorecard for every AI vendor, before procurement and on an ongoing basis. Delivered now as part of the Governance Build or Retainer.

Book a Discovery Call See the Governance Build →
[What It Does]

A scorecard for every vendor.
Before you sign, and after.

The Vendor Risk Console structures the due diligence most companies skip — and keeps it current as your vendors change their policies, their models, and their data practices.

📋

Pre-Procurement Assessment

Before you sign a new AI vendor, run them through a structured risk assessment mapped to EU AI Act, NIST RMF, and your industry requirements.

📊

Risk Scorecard

Every vendor gets a scorecard across data handling, model transparency, compliance documentation, incident response, and contractual protections.

🔔

Change Monitoring

Get notified when a vendor updates their data policy, changes their model, or gets flagged by a regulator. Catch the risk before it reaches your auditor.

📁

Evidence Archive

Every vendor assessment stored with timestamps. When your auditor asks for evidence of vendor due diligence, you have it — organized and exportable.

⚖️

Contractual Checklist

Standard contractual protections your vendor agreements should include — indemnification, audit rights, data governance, incident notification.

🤖

Cora's Review

Every scorecard is reviewed by Cora — ClearpathAI's AI Operator — before delivery. Consistent, thorough, and graded against a defined rubric every time.

Sample Vendor Scorecard
AI Document Review Tool · Assessed May 2026
Medium Risk
Data handling
80
Model transparency
55
Compliance docs
60
Incident response
40
Contractual protection
75
Illustration only. Actual assessments are conducted and reviewed by William McCann before delivery.
[When To Use It]

Three moments where
vendor risk gets you.

🛒

Before procurement

Most companies skip vendor risk assessment entirely before signing. The Vendor Risk Console makes it a structured, documented step — not an afterthought.

🔄

When vendors change

AI vendors update their models, their data policies, and their terms regularly. Most companies have no process for catching changes that affect their compliance posture.

📋

Before an audit

Auditors increasingly ask for evidence of third-party AI risk management. The console gives you documented assessments ready to produce on request.

[Frameworks]

Every assessment mapped to
the frameworks that matter.

Vendor risk scorecards are mapped to the specific articles and requirements your auditors will check — not generic best practices.

EU AI Act NIST AI RMF ISO 42001 SOC 2 AI Addendum SQF / FDA

Start with a
30-minute call.

We'll assess your current vendor landscape, score your highest-risk tools, and show you exactly what a structured vendor risk process looks like for your operation.

Book a Discovery Call
Cora
Cora
ClearpathAI · AI Governance

How can I help you today? I can answer questions, connect you with a partner, or get a meeting on the calendar.

Book a Meeting Partner Information
What AI governance challenge are you trying to solve?
Cora · just now
Privacy Policy