HECVAT Category

General AI Questions

General AI Questions covers controls and questions related to that domain. It outlines expectations institutions typically require from vendors. The category helps assess risk posture and operational maturity. It provides structure for consistent evaluation during security reviews.

Assessment Questions

AIGN-01

Does your solution have an AI risk model when developing or implementing your solution's AI model?

AI governance is what's being probed here, specifically whether you apply a formal AI risk model when developing or implementing your solution's AI model.

AIGN-02

Can your solution's AI features be disabled by tenant and/or user?

Granular AI control is the concern: whether administrators can switch off your solution's AI features at the tenant level, the individual user level, or both.

AIGN-03

Have your staff completed responsible AI training?

Responsible AI competency is the focus here, asking whether your staff have completed formal training on responsible AI practices. Responsible AI training covers ethical considerations, bias mitigation, transparency, privacy protection, and other principles that ensure AI systems are developed and deployed in ways that are fair, accountable, and beneficial to society.

AIGN-04

Please describe the capabilities of your solution's AI features.

Here you are asked to describe the AI capabilities built into your solution and what those features actually do. The assessor wants to understand what AI features exist, what they're designed to do, how they work, and what benefits they provide to users.

AIGN-05

Does your solution support business rules to protect sensitive data from being ingested by the AI model?

Guarding sensitive data from your AI model is the concern here, specifically whether your solution can enforce business rules that block such data from being ingested.

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron