Colorado AI Act in · EU AI Act (High-Risk) in · ISO 42001 + NIST AI RMF + OpenClaw + Agentic AI — organized into editable implementation artifacts
Home / Downloads / AI Vendor Due Diligence Pack
Vendor risk

AI Vendor Due Diligence Pack

A practical intake and screening pack for SMEs evaluating AI tools, copilots, agents, and embedded AI vendors before approval.

Download Vendor PackSee ACT-2 Professional
ZIP · XLSX + DOCXNo login requiredNot legal advice

Download the free implementation artifact

This file is a public preview of the Move78 implementation evidence model. It is designed to create useful evidence structure before a team buys ACT-2 Professional.

Download Vendor Pack

What is inside

The package is intentionally narrow. It gives you a concrete artifact, not a generic whitepaper.

Included artifacts

  • AI vendor intake form
  • AI capability and use-case classification
  • Data-handling due diligence questions
  • Model, provider, and transparency questions
  • Security and privacy due diligence checklist
  • Approval recommendation worksheet

Useful for

  • Procurement teams evaluating AI vendors
  • CISOs and risk leads documenting third-party AI exposure
  • SMEs that need a repeatable vendor-screening process

Where it fits

ACT-2 Professional expands this into the full vendor governance operating layer, including policy, risk, evidence, and approval artifacts.

Use it with the relevant Move78 diagnostic path

Run the related free tool first if you want a diagnosis before using the artifact.

Need the full implementation evidence pack?

ACT-2 Professional contains the full workbook, policy, evidence, board-reporting, vendor-risk, FRIA, agentic AI, MCP, and implementation-planning layer. Purchase is handled by direct invoice and bank transfer.

View ACT-2 ProfessionalHow purchase works

Frequently Asked Questions (FAQs)

Is this legal advice?

No. This free artifact is implementation support only. It is not legal, tax, regulatory, or certification advice and does not provide compliance assurance or safe-harbor outcomes.

Do I need to log in or submit an email?

No. The artifact is intended as a direct download. If you later request ACT-2 access, that purchase is handled separately by direct invoice and bank transfer.

How does this relate to ACT-2 Professional?

ACT-2 Professional expands this into the full vendor governance operating layer, including policy, risk, evidence, and approval artifacts.

Source and review note: This page was last reviewed on 6 May 2026 against the current Move78 public site baseline and relevant official or authoritative sources where laws, standards, frameworks, cybersecurity controls, product scope, pricing, support policy, or implementation guidance are discussed. It provides operational implementation guidance and product information only; it is not legal advice, tax advice, audit assurance, certification assurance, conformity-assessment advice, buyer-approval assurance, or security assurance. Validate legal, regulatory, contractual, tax, audit, and security decisions with qualified professionals.