Vendor register fields
| Field | Purpose |
|---|---|
| Vendor/tool name | Identifies the AI system or product. |
| Business use | Explains why the tool is used. |
| Owner | Names the internal person responsible. |
| Data categories | Records whether personal, customer, confidential or public data is involved. |
| Customer impact | Shows whether the tool affects customers directly. |
| Contract/security docs | Links to DPA, SOC report, security page, terms or privacy documentation. |
| Review date | Shows when the vendor was last reviewed. |
Why this matters
Procurement teams often ask which AI vendors are used, whether customer data is shared, and how suppliers are controlled. A register gives a direct answer instead of a messy internal search.