Education & Guidance (EG)
Vendors Domain - HAIAMM v3.0
Practice Overview
Objective: Give the workforce the literacy to recognize AI/HAI vendors in their day-to-day tools and route them through the intake gate, and give the small reviewer population (Security, Procurement, Legal/Privacy, TPRM) the specific skills to run AI-vendor reviews consistently. Shadow AI reduction via awareness is the primary L1 outcome.
Description: EG-Vendors delivers two training tracks at L1: (1) workforce-level AI vendor literacy for every employee, "what counts as an AI vendor, what the AUP says, how to submit intake, where the amnesty path lives", and (2) role-based training for the intake reviewers who must make consistent judgments on training-data posture, DPA adequacy, model provenance, and EU AI Act deployer duties. It also runs the communication campaigns that make shadow AI uncomfortable to hide and sanctioned AI easy to adopt.
Context: Shadow AI is usually a literacy problem first and a policy problem second. Employees adopt ChatGPT, Cursor, or a vendor's freshly-shipped "AI assistant" without realizing it is a new third party receiving organizational data, and reviewer roles were trained on classic vendor assessment, not on questions like "does the vendor train on our data by default?" or "who is the named deployer oversight?". L1 closes that gap at both levels with minimum viable training, not a full curriculum.
Maturity Level 1
Objective: Deliver foundational AI-vendor literacy to ≥95% of the workforce and role-based AI-vendor-review training to 100% of intake reviewer roles, with an active shadow AI awareness campaign
At this level, the organization makes AI-vendor recognition and intake routing part of basic workforce literacy, and equips the reviewer population with the specific skills needed to assess AI vendors, not just vendors.
Dependencies
- PC-Vendors L1 (required): the three priority policies (AUP, Intake, Data-Sharing) and the priority compliance map are the teaching object, training without published policies is hollow.
- SM-Vendors L1 (required): the program charter, sponsor, and inventory define the scope, authority, and "what exists today" that training references.
- Alignment (not a hard dependency): enterprise LMS, existing security-awareness program, existing procurement training, extend rather than replace.
- Supports / unblocks: every downstream practice, reviewers who can't distinguish "AI vendor" from "classic SaaS" will not produce useful threat models (TA), requirements (SR), or design reviews (DR).
Desired Outcomes
- Any employee can identify an AI vendor in a tool they use, knows the AUP rules that apply, and knows how to submit an intake (or disclose prior use under amnesty) in under 5 minutes.
- The intake reviewer population (Security, Procurement, Legal/Privacy, TPRM) produces consistent, evidence-backed decisions, two reviewers independently asked the same AI-vendor intake arrive at the same risk tier and the same DPA/AI-addendum requirements.
- Shadow AI disclosures increase in the first two quarters after launch (awareness working), then decrease as the sanctioned catalog grows (adoption working).
- EU AI Act deployer duties are not abstract, every reviewer can explain what human oversight, logging, and disclosure obligations mean for the vendor in front of them.
- Training content is updated quarterly as the AI vendor landscape and the sanctioned catalog change, it doesn't rot.
Activities
A) Ship workforce-level AI vendor literacy training
A single short course (≤20 minutes) every employee takes on hire and refreshes annually, tied to the AUP attestation from PC-Vendors L1.
Content (minimum): - What counts as an AI vendor, consumer GenAI, AI-embedded SaaS (including inside vendors already approved for other uses), AI coding assistants, AI APIs, AI agent platforms. Concrete examples employees recognize. - The AUP in five rules, approved catalog, prohibited data classes, personal-account prohibition, output-review duty, disclosure obligation. - How to submit intake, one URL, one form, one SLA. Fast-track path for parent vendors already approved. - Amnesty path, how to disclose prior unsanctioned use without penalty. Named owner. - Recognizing AI features inside existing tools, the biggest blind spot; a short gallery of common ones (Notion AI, Slack AI, Zoom AI Companion, Copilot add-ons, Gemini in Workspace). - "Before you paste" decision aid, a 10-second check for regulated, confidential, or customer-identifying data.
Delivery: LMS module + 1-page reference card on the intranet + channel-pinned summary in team Slack/Teams. No role gating, everyone takes the same workforce-level module.
B) Deliver role-based training for the AI-vendor intake reviewers
A deeper, hands-on module (~2 hours) for the reviewer population only. This is where the specific AI-vendor review skill gets built.
Content (minimum): - Reading an AI vendor's training-data posture, default training behavior, opt-out availability, retention, fine-tuning/eval use, embeddings persistence; how to verify in DPA and product docs, not just the website. - DPA and AI addendum adequacy, required clauses (no-train commitment, subprocessor disclosure, data residency, incident notification SLA, deletion on termination); common deficiencies and how to redline them. - Model provenance and subprocessor chain, who actually runs inference (vendor-hosted vs. Azure/GCP/AWS vs. open-model-on-vendor-infra); how the chain changes your regulatory posture. - EU AI Act deployer duties applied, Art. 26 checklist (instructions for use, human oversight assignment, monitoring, logging, affected-persons disclosure, FRIA triggers); Art. 50 transparency obligations. - Priority compliance map in practice, given a vendor, which requirements from PC's map apply and where the evidence lives. - Risk-tier rubric and fast-track path, how to classify quickly; when not to fast-track. - Calibration exercise, same 3 sample intakes scored independently; facilitated discussion of deltas.
Delivery: instructor-led or recorded workshop + role-specific reference job aids + quarterly calibration session. Completion is a prerequisite to approving intakes, not optional.
C) Run the shadow AI awareness campaign
An always-on communication program, not a one-time rollout. L1 target is a small, sustainable cadence.
Campaign elements: - Launch moment, executive sponsor message that names shadow AI, announces the amnesty window, and publishes the sanctioned catalog. - Recurring short stories, monthly one-paragraph pieces: new AI vendor approved and available, a fast-track win, a real anonymized intake the team caught (with employee permission), an external incident reframed as "could we trace this here?". - "Is this AI?" series, periodic call-outs of AI features quietly turning on inside known SaaS; clear instruction on whether the existing parent approval covers it. - Amnesty visibility, the path to disclose prior use is not buried, it's linked from the AUP, the intake form, and the sanctioned catalog page. - Feedback loop, a simple channel for employees to nominate AI tools for the catalog; visible triage. - Deployer-duty micro-content for regulated or customer-facing AI uses, short explainers on human oversight, logging, and disclosure obligations, targeted to the teams that touch them.
Measurement (outcome metrics below), campaign channels are tagged so attribution of intake submissions and amnesty disclosures to campaign touchpoints is possible.
Outcome Metrics (L1)
| Metric | Baseline | L1 Target | Source |
|---|---|---|---|
| % workforce with current-year AI-vendor literacy completion | measure | ≥95% | LMS / HR attestation |
| % intake reviewers with completed role-based training | measure | 100% | LMS + intake permissions |
| Reviewer calibration drift (avg tier/requirements delta across reviewers on shared samples) | measure | ≤1 tier step and ≤2 DPA-clause diffs | Quarterly calibration exercise |
| Shadow AI disclosures per quarter (amnesty path) | measure | rises Q1–Q2, then trends down | Intake queue tagged "amnesty" |
| Intake submission volume attributable to campaign channels | measure | ≥30% of net-new intakes | Tagged campaign URLs / form referrer |
Process Metrics (leading)
- Training content review cadence, AI-vendor literacy module reviewed each quarter and updated when the sanctioned catalog or priority compliance map changes.
- New-hire coverage SLA, AI-vendor literacy completed within 30 days of start.
- Reviewer calibration cadence, at least once per quarter.
Effectiveness Metrics (business value)
- Reviewer throughput, intakes closed per reviewer per week; should rise after role-based training lands without sacrificing quality (calibration drift stays in target).
- Sanctioned-catalog adoption rate, % of new AI use going to sanctioned vendors rather than new intakes; a signal that literacy plus catalog together reduce shadow AI.
- Avoided-incident stories, documented cases where workforce literacy caught a data-exposure risk before it landed in an unsanctioned AI tool.
Success Criteria
- Workforce AI-vendor literacy module launched and ≥95% current-year completion sustained.
- Role-based reviewer training launched, gated on intake approval permissions, and reviewer calibration drift inside target for two consecutive quarters.
- Shadow AI awareness campaign running with at least monthly content cadence and measurable attribution of intakes/amnesty disclosures to campaign channels.
- Deployer-duty micro-content deployed for every regulated or customer-facing AI vendor use case active in the inventory.
- Training content owner named, and content updated within 30 days of any change to the AUP, intake policy, sanctioned catalog, or priority compliance map.
Maturity Level 2
Objective: Move from foundational literacy to scenario-based reviewer training with depth calibrated per AI-vendor risk tier, and ship targeted training to product/engineering teams building on AI vendors
At this level, training stops being one-size-fits-all. Reviewer skill is deepened through scenario-based exercises using real (anonymized) intakes, and the teams that actually build on AI vendors receive their own track, because deployer duties under the EU AI Act and output-integrity responsibilities land on them, not only on reviewers.
Dependencies
- EG-Vendors L1 (required): workforce literacy and base reviewer training must be in place.
- SM-Vendors L2 (required): tiers define which reviewers go deep and on what cadence.
- TA-Vendors L2 (required for Critical-tier scenarios): per-vendor deep threat models are the source material for scenarios.
- Supports / unblocks: PC-Vendors L2 (tier-aware reviewers enforce tier-specific policies), TA-Vendors L2 (better reviewers produce better per-vendor threat models), DR/IR/ST L2 (tier-calibrated reviews need tier-calibrated reviewers).
Desired Outcomes
- Reviewer calibration on Critical-tier intakes is visibly tighter than on Medium/Low, the program gets what it pays for.
- Product and engineering teams building on AI vendors can speak to Art. 26 deployer duties, Art. 50 disclosure, output-integrity, and can defend their own design choices in DR.
- Shadow AI campaigns become seasonal and behavior-driven (hiring surges, OKR-planning windows, industry-incident-driven) rather than one-time launches.
- Training content is refreshed monthly from program telemetry, real failures, real calibration drifts, real near-incidents, not from annual curriculum reviews.
Activities
A) Scenario-based reviewer training
- Per-archetype scenario library built from anonymized real intakes: each scenario includes the as-submitted vendor, the original reviewer decision, the disagreement (if any), and the eventual resolved outcome.
- Paired calibration exercises, two reviewers independently score the same scenario; instructor-facilitated debrief on deltas.
- Tier-weighted curriculum: Critical-tier scenarios dominate advanced modules; Medium/Low streamlined.
- Capstone: reviewers graduate by running three live intakes end-to-end with a senior-reviewer shadow.
B) Product-team and engineering-team AI-vendor training
- A distinct track for teams that build on AI vendors: deployer-duty walkthroughs, Art. 50 disclosure in UX, output-integrity patterns, kill-switch design, logging obligations.
- Paired with SA reference-pattern walkthroughs, the training teaches the "green path" the teams will reach for in DR.
- Required for any team owning a Critical- or High-tier AI vendor integration; target ≥1 attendee per integration.
C) Behavior-driven shadow AI campaigns
- Campaigns tied to observed risk windows (e.g., year-end OKR rush, hiring surges, post-industry-incident moments).
- Each campaign has a pre-measured behavior target (e.g., "reduce unsanctioned ChatGPT egress from engineering by 40% in Q3") and a post-campaign measurement.
- Amnesty windows run alongside campaigns; disclosure volume monitored; disclosures attributed back to campaign channels.
Outcome Metrics (L2)
| Metric | Baseline | L2 Target | Source |
|---|---|---|---|
| Reviewer calibration drift on Critical-tier scenarios | measure | ≤1 tier step and ≤1 DPA-clause diff | Quarterly calibration exercise |
| % Critical/High-tier integrations with at least one team member trained on product-team track | measure | 100% | LMS × integration registry |
| Shadow AI campaign behavior-target achievement rate | measure | ≥70% of campaigns hit target | Campaign post-measurement |
| % training content refreshed in last 90 days | measure | ≥80% | Content change log |
| % workforce literacy completion maintained | measure | ≥95% | LMS |
Process Metrics (leading)
- Scenario library freshness, scenarios reviewed quarterly; retired when stale.
- Product-team training attendance per integration tracked monthly.
- Campaign pipeline, always ≥1 campaign in-flight tied to a measurable behavior.
Effectiveness Metrics (business value)
- Reduction in tier-upgraded intakes that missed deployer duties at first review (caught earlier as reviewer skill rises).
- Team-level avoided-incident stories attributable to product-team training.
- Sanctioned catalog adoption, teams that took product-team training adopt sanctioned AI vendors at a higher rate than untrained teams.
Success Criteria
- Scenario library of ≥30 real-sourced scenarios across archetypes; reviewer calibration drift inside target on two consecutive quarters.
- Product-team training delivered to ≥1 member of every Critical/High AI vendor integration.
- At least 2 behavior-driven campaigns run in the last 12 months with measured outcomes.
- Content refresh cadence met; ≥80% of content refreshed in last 90 days.
Maturity Level 3
Objective: Operate continuous calibration at scale, publish the AI-vendor reviewer curriculum and rubric as an industry-shared artifact, and contribute to emerging AI-vendor reviewer certification
At this level, training maturity is visible outside the organization. The program publishes the curriculum, rubrics, and scenario patterns; contributes to industry certification paths (e.g., CSA AI Safety Ambassador, Shared Assessments AI-vendor reviewer); and runs continuous live-calibration across reviewer cohorts.
Dependencies
- EG-Vendors L2 (required): scenario library, product-team track, and behavior-driven campaigns in place.
- PC-Vendors L3 (required for regulatory-track content): industry-grade compliance content.
Desired Outcomes
- External practitioners recognize and use the program's curriculum and rubric; citations and adoption tracked.
- Reviewer certification pathway exists and is completed by a majority of the organization's Critical-tier reviewers.
- Continuous live calibration, reviewers re-calibrated against anonymized real intakes monthly; drift trends are a managed metric.
- Training content evolution is auditable and evidence-driven (telemetry + incidents + external updates).
Activities
A) Publish the curriculum and reviewer rubric
- Curriculum, scenario library (anonymized), rubrics, and assessment harness published under a permissive license or as a consortium deliverable (e.g., via CSA AI Safety Initiative, OpenSSF AI, Shared Assessments AI-vendor track).
- Community contributions welcomed; changes flow back into internal content.
B) Continuous live calibration
- Monthly calibration round using a current anonymized intake sampled from the program's live queue; reviewer cohort answers; drift reported.
- Individual reviewer drift is a development signal (not a performance lever) with coaching hand-offs.
C) Industry-certification contribution
- Contribute to AI-vendor reviewer certification pathways as they emerge (Shared Assessments, CSA, ISC2, ISACA, sector-specific ISAC credentials).
- Align internal reviewer capstone with certification-grade rubric; support reviewers pursuing external credentials.
Outcome Metrics (L3)
| Metric | Baseline | L3 Target | Source |
|---|---|---|---|
| External adoption, citations, forks, downloads of curriculum artifacts | 0 | tracked, trending up | External telemetry |
| % Critical-tier reviewers holding an external AI-vendor reviewer credential | 0 | ≥50% by year 2 of L3 | HR / credential registry |
| Live calibration cadence met | measure | monthly, on calendar | Calibration log |
| Contributions to industry certification / curriculum working groups | 0 | ≥2 substantive/year | Contribution log |
Process Metrics (leading)
- Curriculum refresh pipeline healthy; ≥1 change per quarter.
- Reviewer pathway participation, measured per reviewer.
- External-adoption outreach, at least 2 conference / working-group engagements per year.
Effectiveness Metrics (business value)
- Talent attraction, the program is a named draw for reviewer-track hires.
- Reduced on-boarding time for new reviewers (external-credential holders ramp faster).
- Industry signaling, program cited by regulators or standards bodies as reference.
Success Criteria
- Curriculum and rubric published externally with documented adoption.
- Monthly live calibration operating; drift inside target two consecutive quarters.
- ≥50% of Critical-tier reviewers credentialed (where a credential exists).
- ≥2 substantive contributions to industry certification / curriculum per year.
Key Success Indicators
Level 1: - Foundational vendor security training delivered to all procurement, legal, vendor management, and development teams - Awareness campaigns actively communicating vendor security risks and supply chain threats - Training completion tracked (>80% of vendor-facing teams complete foundational training) - Basic vendor security guidance available (assessment procedures, questionnaire templates, contract clauses)
Level 2: - Scenario library (≥30 anonymized real-sourced) operating; reviewer calibration drift on Critical-tier scenarios inside target for two consecutive quarters. - Product-team AI-vendor training delivered to ≥1 member of every Critical/High integration. - ≥2 behavior-driven shadow-AI campaigns run in the last 12 months with measured behavior-target outcomes. - Training content refreshed in last 90 days for ≥80% of modules.
Level 3: - Curriculum, scenario library, and rubric published externally (CSA / OpenSSF / Shared Assessments / sector ISAC) with documented adoption or citation. - ≥50% of Critical-tier reviewers hold an external AI-vendor reviewer credential (where one exists). - Monthly live calibration cadence operating with drift inside target. - ≥2 substantive contributions to industry AI-vendor certification or curriculum working groups per year.
Common Pitfalls
Level 1: - ❌ Vendor security training only for security team (procurement and legal not trained, security becomes bottleneck) - ❌ Training focuses on process not risk (teach questionnaire mechanics, don't explain why vendor security matters) - ❌ Supply chain security ignored (focus only on direct vendors, ignore software dependencies) - ❌ No business stakeholder awareness (business doesn't understand vendor risk, pressures to skip security assessments) - ❌ Training is fear-based (scare teams about vendor risks, create risk aversion that blocks necessary vendor relationships)
Level 2: - ❌ Scenario library is built from invented scenarios rather than anonymized real intakes, reviewers learn the shape but not the real edge cases. - ❌ Product-team training is optional; integration owners skip it and then produce poorly-scoped designs that DR catches late. - ❌ Campaigns are launched without a pre-measured behavior target, "awareness" claimed without data. - ❌ Content "refreshes" are cosmetic, scenarios and rubrics go stale while module covers get redesigned. - ❌ Calibration drift measured but not acted on, reviewers with persistent drift never receive coaching.
Level 3: - ❌ External publication without ongoing maintenance, third parties find a stale artifact and stop trusting the program. - ❌ Credentialing becomes performative, reviewers chase credentials that don't map to the program's actual tier-treatment rubric. - ❌ Live calibration becomes a gotcha instead of a development signal; reviewers game it. - ❌ Contributions to industry working groups don't loop back, what's published externally differs from what reviewers actually use internally.
Practice Maturity Questions
Level 1: 1. Have all procurement, legal, vendor management, and development teams received foundational training on vendor security and supply chain risks? 2. Are awareness campaigns actively communicating vendor security risks, supply chain threats, and real-world vendor breach impacts? 3. Is basic vendor security guidance available (assessment procedures, security questionnaires, contract security clauses)?
Level 2: 1. Is there a scenario library of anonymized real AI-vendor intakes powering reviewer training, with quarterly calibration exercises that show Critical-tier drift inside target? 2. Have you delivered a product/engineering team training track, covering deployer duties (EU AI Act Art. 26/50), output integrity, and SA reference-pattern adherence, to at least one member of every Critical/High AI-vendor integration team? 3. Are shadow AI awareness campaigns running on a behavior-driven cadence with pre-measured targets, and is training content refreshed at least quarterly from program telemetry?
Level 3: 1. Has the curriculum, scenario library, and reviewer rubric been published externally (CSA, OpenSSF AI, Shared Assessments, sector ISAC) with documented adoption, citations, or contributions back? 2. Is a continuous live-calibration cadence operating (monthly anonymized live-intake exercise) with reviewer drift tracked as a development signal, and do ≥50% of Critical-tier reviewers hold an external AI-vendor reviewer credential (where one exists)? 3. Does the program contribute at least two substantive artifacts per year to industry AI-vendor reviewer certification or curriculum working groups, with a traceable loop back into internal content?
Vendor Security & Supply Chain Considerations
Effective vendor security education must address unique challenges in third-party risk:
Cross-Functional Vendor Security
- Procurement Integration: Security embedded in procurement process, not separate bottleneck
- Legal Partnership: Legal teams understand security requirements, can negotiate effectively
- Business Alignment: Business stakeholders appreciate vendor risk, support security requirements
- Security Enablement: Security team enables vendor relationships, doesn't block them
Supply Chain Complexity
- Direct vs. Indirect Vendors: Understanding vendor tiers (vendors, subprocessors, fourth parties)
- Software Supply Chain: Managing dependency risks (open-source, commercial, transitive dependencies)
- Global Supply Chains: Geographic and jurisdictional risks in vendor relationships
- Vendor Concentration: Avoiding over-reliance on single vendors or shared infrastructure
Balancing Security and Business
- Risk-Based Approach: Vendor security requirements proportionate to risk
- Business Enablement: Vendor security process that doesn't excessively delay procurement
- Vendor Relationship Management: Security requirements that maintain vendor relationships
- Practical Standards: Vendor security standards achievable by vendors, not perfection
AI-Augmented Vendor Security
- AI Risk Scoring Trust: Calibrating appropriate trust in AI vendor risk scores
- Continuous Monitoring: Understanding AI-detected vendor security changes
- Supply Chain Automation: Using AI for scalable supply chain security (can't manually review all dependencies)
- Vendor Security Intelligence: Leveraging AI for vendor threat intelligence
Organizations must invest in cross-functional vendor security education that balances risk management with business enablement and scales with supply chain complexity.
Document Version: HAIAMM v3.0 Practice: Education & Guidance (EG) Domain: Vendors Last Updated: December 2025 Author: Verifhai
☑ Interactive Self-Assessment
Answer each question based on your current, implemented practices only. Progress saves automatically in your browser.