Before any third-party AI tool goes into your stack, run it through this 4-category risk matrix. The assessment takes 60-90 minutes and produces a score that drives a clear decision: approve, escalate, or reject.
TL;DR: Before approving any third-party AI tool, run it through a 4-category risk assessment: (1) data risk, what data will the tool access and process?; (2) access risk, what systems and permissions does the tool require?; (3) vendor risk, does the vendor have adequate DPA, security certifications, and breach history?; (4) regulatory risk, does the tool's use case trigger GDPR Article 22, EU AI Act high-risk classification, or state employment AI law? Score each category 1-5. Total score above 12 requires executive approval; above 16 requires legal review before deployment. This template should be completed before every new AI tool is added to your stack, including embedded AI features in existing SaaS tools.
How to Use This Template
Complete one form per AI tool. Fill in the information fields, score each category 1-5, total the scores, and apply the decision rule. File the completed form in your AI tool register.
Tool being assessed:
- Tool name and vendor:
- Tool version / API version:
- Requestor name and department:
- Assessment date:
- Proposed use case (what problem it solves, who uses it):
- Data types it will access:
- Systems it will connect to:
Category 1: Data Risk
Score the data exposure this tool creates.
| Question | Score 1 (low) | Score 3 (medium) | Score 5 (high) |
|---|---|---|---|
| What types of data will the tool access? | Non-personal, non-sensitive (product data, anonymized analytics) | Employee data, internal business data | Personal data of customers or EU residents; sensitive data (health, financial) |
| Does the tool train on your data? | No, explicitly opt-out by default | Training opt-out available, not default | Yes, trains on your data by default |
| Where is data processed and stored? | Your region; no international transfer | US or EU only; adequacy decision covers | Third countries without adequacy; unclear |
| Does the tool's DPA cover this data? | Full DPA signed, covers all use cases | DPA exists, partial coverage | No DPA; click-through terms only |
Category 1 Data Risk Score: _____ / 20
Normalize to 1-5: Divide by 4 → _____ (round to nearest integer)
Category 2: Access Risk
Score the access permissions this tool requires.
| Question | Score 1 (low) | Score 3 (medium) | Score 5 (high) |
|---|---|---|---|
| What system access does the tool require? | Read-only access to limited data | Read/write to internal systems | Admin access or broad API access to production systems |
| What is the blast radius if the tool is compromised? | Isolated; breach affects only the tool's data | Significant; breach affects a major system | Critical; breach affects customer data or core infrastructure |
| Are API keys or credentials shared with the vendor? | No; vendor never holds credentials | Temporary credentials; rotated regularly | Persistent credentials held by vendor |
| Is there an audit log of tool access? | Full audit log available | Partial logs available | No audit logging |
Category 2 Access Risk Score: _____ / 20
Normalize to 1-5: Divide by 4 → _____ (round to nearest integer)
Category 3: Vendor Risk
Score the vendor's security posture and business stability.
| Question | Score 1 (low) | Score 3 (medium) | Score 5 (high) |
|---|---|---|---|
| Security certifications | SOC 2 Type II or ISO 27001 certified | SOC 2 Type I or in-progress certification | No security certification |
| Breach or incident history | No known breaches in 3 years | Minor incidents, disclosed and remediated | Material breach in past 3 years; undisclosed incidents |
| Vendor stability | Established vendor; multiple years operating | Startup with funding; less than 2 years | Very early stage; unclear funding; acquisition target |
| Sub-processor disclosure | Full list published; change notification required | Partial list; some notification | Sub-processors not disclosed |
Category 3 Vendor Risk Score: _____ / 20
Normalize to 1-5: Divide by 4 → _____ (round to nearest integer)
Category 4: Regulatory Risk
Score the regulatory exposure this tool creates.
| Question | Score 1 (low) | Score 3 (medium) | Score 5 (high) |
|---|---|---|---|
| Does the tool's use case trigger GDPR Article 22? | No automated decisions affecting individuals | AI-assisted decisions; human in the loop | Fully automated decisions with significant effects |
| EU AI Act classification for this use case | Minimal risk (internal productivity only) | Limited risk (chatbot disclosure required) | High risk (Annex III domain: hiring, credit, education, etc.) |
| State law exposure (US) | No state-specific AI law applies | One or two state laws apply; manageable | Multiple state laws apply; AEDT disclosure required |
| Has a DPIA been completed (if required)? | Not required for this use case | Required and completed | Required; not yet completed |
Category 4 Regulatory Risk Score: _____ / 20
Normalize to 1-5: Divide by 4 → _____ (round to nearest integer)
Total Score and Decision
Category scores (each 1-5):
- Category 1 Data Risk: _____
- Category 2 Access Risk: _____
- Category 3 Vendor Risk: _____
- Category 4 Regulatory Risk: _____
Total: _____ / 20
| Score | Risk level | Decision |
|---|---|---|
| 4-8 | Low | Approve with standard controls |
| 9-12 | Medium | Approve; department head must sign risk acceptance |
| 13-16 | High | Executive approval required before deployment |
| 17-20 | Critical | Legal review required; consider rejecting; executive sign-off mandatory |
Decision: ☐ Approve ☐ Approve with conditions ☐ Reject
Approver name and title:
Conditions or required mitigations:
Review date (for tier-1 tools, annual):
Standard Controls (Required for All Approved Tools)
Regardless of score, every approved third-party AI tool must have:
- DPA signed or confirmed, add to AI vendor DPA tracker
- Training opt-out enabled if available
- Tool added to AI tool register with named Tool Owner
- Employees who will use it notified of approved use policy
- Inclusion in quarterly shadow AI audit
When to Re-Run the Assessment
The initial risk assessment is not a permanent approval. Three events should trigger a re-assessment for a previously approved tool:
Material vendor change. If the vendor updates its DPA, changes its data retention policy, adds or changes sub-processors, or acquires a new parent company, the original risk profile may no longer be accurate. Vendor notification emails about terms changes are the primary signal, set up alerts for the key vendors in your stack.
Expanded use case. If your team starts using an approved tool in a new way, especially if the new use touches more sensitive data or a different system, the expanded use case needs to be assessed separately. The approval for "ChatGPT for internal marketing copy drafts" does not cover "ChatGPT for summarizing customer support transcripts that include account data."
Annual review for tier-1 tools. Any tool scoring 13 or higher on the original assessment (high or critical risk) should be re-assessed annually. Lower-risk tools can be reviewed in the quarterly register review without a full re-assessment.
Document the re-assessment date and outcome in the AI tool register. A re-assessment that finds no change is still worth recording, it shows the oversight process is running.
Using This Template for Embedded AI
When a SaaS vendor adds an AI feature to a product you already use, the same assessment applies. Work through the four categories for the new AI feature specifically, your existing DPA may not cover the new processing, the training data policy may differ from the base product, and the regulatory classification may change.
For a vendor-by-vendor review of how major SaaS tools handle AI governance, see governing embedded AI in third-party tools. For the deeper due diligence process before signing with a new AI vendor, see the AI vendor due diligence checklist.
Related Reading
- Shadow AI policy for small teams - How to detect unsanctioned AI tools and build a 3-tier governance system without enterprise DLP
- Governing embedded AI in third-party tools
- AI vendor due diligence checklist
- AI vendor DPA tracker
- AI governance for small teams, complete guide
- Privacy-first AI APIs, GDPR-safe selection guide
