IAPP Artificial Intelligence Governance Professional (AIGP) — Question 142
The best practice to manage third-party risk associated with AI systems is to create and implement policies that:
Answer options
- A. Focus on the financial stability of third-party vendors as the primary criterion for risk assessment.
- B. Provide for an appropriate level of due diligence and ongoing monitoring based on the defined risk.
- C. Require third-party AI systems to undergo a comprehensive audit by an external cybersecurity firm every six months.
- D. Focus on the technical aspects of AI systems, such as data security, while ethical risks are addressed through suitable contracts.
Correct answer: B
Explanation
The correct answer, B, emphasizes the necessity of due diligence and ongoing monitoring tailored to the identified risks, which is crucial for effective risk management. Option A is too narrow because it focuses solely on financial stability, while Option C may be overly burdensome and not practical for all vendors. Option D neglects the importance of continuous risk assessment and monitoring, focusing instead on a limited view of technical aspects.