AICPA Trust Services Criteria attestation for security (and optionally availability, confidentiality, etc.)—common procurement filter for AI vendors handling company data.
SOC 2 Type I describes controls at a point in time; Type II observes operating effectiveness over months. Neither guarantees good AI behavior, but it signals baseline security process maturity.
With AI procurement
Read which trust principles are in scope and how subprocessors (model providers) are covered alongside your TCO analysis.
