Latest Posts and Insights

The process for starting a vendor management program can be easy, if you have a good process.

While building an AI governance program for a law firm is not that different than any other business, there are some key considerations a law firm has to take to maintain client trust, follow the rules of professional conduct and maintain integrity.

A look at the NIST AI RMF, why and how companies should adopt it now. As a voluntary framework, the benefit of adoption is proving your business's Responsible AI mission which builds trust with your prospects and customers.

This blog post provides a comprehensive guide on how to establish an AI ethics strategy within a tech company, emphasizing the need for a dedicated Chief Ethics Officer. It covers key steps such as aligning ethical principles with company values, forming a diverse ethics committee, and maintaining regular communication with the Board of Directors. The article aims to help AI companies integrate ethical considerations into their business strategies and foster responsible AI development.

This blog post explores the current state of licensing, whether it is online terms of service or main services agreements, and what you should look for to understand your rights and the rights of your vendor.

This blog post explores how ClearOPS leverages Generative AI, combined with RAG (Retrieval-Augmented Generation) and OSINT (Open Source Intelligence), to revolutionize vendor risk management and due diligence. By integrating diverse data sources and facilitating cross-functional collaboration, ClearOPS empowers organizations to automate and expedite vendor assessments, improving efficiency and scalability in managing cybersecurity risks and compliance. Discover how ClearOPS is transforming vendor assessment workflows and fostering secure business relationships with this innovative approach.

This blog post explores the frustrations associated with traditional security questionnaires and how OpenAI's advanced language models can transform the process. By automating responses, improving consistency, and speeding up the completion of these assessments, ClearOPS leverages AI to save time and resources for both sales and information security teams, making vendor assessments more efficient and less painful.

This blog post explains why traditional GRC tools fall short in addressing the unique challenges of AI governance and compliance. It highlights the limitations of current solutions in managing risk, collaboration, and policy creation, and introduces ClearOPS as a forward-thinking alternative that automates complex AI assessments and compliance tasks, making it easier for businesses to navigate the evolving regulatory landscape.

This blog post offers a comprehensive guide to creating a Generative AI policy that addresses key issues like confidentiality, accuracy, and legal risks. It explains how to assess the use of AI tools such as ChatGPT in business settings, develop clear guidelines for employee usage, and ensure vendors comply with AI governance standards. The article highlights the importance of verifying AI outputs, protecting proprietary information, and understanding legal implications, while providing practical tips to make security and compliance processes less daunting and more effective.

A breakdown on the true cost of security questionnaires to vendors.

Exploring the diverse global AI regulatory landscape, including the EU’s AI Act, the decentralized approach in the US, and the varying frameworks in the Asia-Pacific region. It highlights the importance of understanding these regulations to ensure compliance and build what's right in AI technologies.

This article highlights the importance of AI governance by teaching you how to interrogate your vendors like a seasoned detective, minus the trench coat. After all, it’s not just about knowing if they use AI—it’s about making sure your data doesn’t become the plot twist in their next sci-fi thriller!

This blog post discusses how deepfake technology is being used to exploit corporate hierarchies through sophisticated phishing attacks. The post emphasizes the need for robust AI governance and vendor management processes to prevent costly breaches and ensure secure verification of requests.

In my view, starting an AI governance program means evaluating your existing vendors with information you already have.

Most people start an AI governance program by backing up and building a process. I argue that your employees aren't waiting around for your beautiful policies. You need to start with vendor management.