For IT · Procurement · Security Review Board

AI Vendor Intake Form.

Twelve fields covering what your governance team needs to know before approving a new AI vendor or AI feature inside an existing vendor. Aligned in vocabulary with NIST AI RMF — does not satisfy or meet the framework on its own, and contains no pre-set pass/fail criteria. Your review board decides outcomes. Pairs with the AI System Card (the post-deployment documentation that comes after approval).

Intake fields

Pre-filled with a synthetic example. Replace as you go — the preview updates live.

1 · Vendor + product name

2 · Requesting team + sponsor

3 · Use case description

4 · Data sent to vendor (check all that apply)

5 · Data retention by vendor

6 · Model training opt-out

7 · Customer impact if vendor fails or misbehaves

8 · Alternatives considered

9 · Vendor security posture (notes from your review)

10 · Subprocessors disclosed

11 · Termination + data export plan

12 · Review board notes + conditions

Export

Preview updates as you type. Keep the export in your own governance system of record.

What this is — and is not

What it is: a single-page intake structure aligned in vocabulary with NIST AI RMF (Govern · Map · Measure · Manage). Twelve fields covering what review boards consistently ask before approving a new AI vendor or a newly-added AI capability inside an existing vendor.

What it isn't: an approval framework, a regulatory submission, a vendor security assessment, or legal advice. KG ships no pre-set pass/fail criteria — your governance team owns the decision. A completed intake form does not certify, satisfy, or transfer liability under any framework.

Browser-only — your inputs stay in this tab. Frameworks referenced: NIST AI RMF 1.0, EU AI Act, ISO/IEC 42001:2023.

AI Vendor Intake Form.

Intake fields

Export Copy markdown✓ Download JSON

What this is — and is not

Export