Glossary · Compliance

AI Vendor Selection

AI vendor selection is how SMBs evaluate AI vendors on capability, cost, and risk. A practical 12-question checklist and decision framework.

By Kadin Nestler · May 28, 2026 · Updated May 28, 2026
On this page

Selection dimensions that matter

  • Capability — does it actually solve your specific problem, with evidence from real deployments?
  • Total cost — build fee, monthly operating, model passthrough, hidden labor.
  • Security and compliance — SOC 2, BAA if needed, DPA, data residency.
  • Portability — IP ownership, exit clauses, data export.
  • Reliability — uptime, latency, error handling.
  • Operating support — escalation, response time, who actually answers when it breaks.
  • Vendor stability — funded? Profitable? How long have they been operating?

The 12-question SMB checklist

  • 1. Show me a live deployment at a real client. Not a sandbox.
  • 2. What does the contract say about IP ownership of my workflows?
  • 3. What is the no-fault termination clause?
  • 4. Who from this conversation will actually do the work?
  • 5. What model and infrastructure costs do I pay on top of your fee?
  • 6. What is your data processing addendum?
  • 7. How fast do you respond when something breaks in production?
  • 8. What is your eval coverage and current pass rate?
  • 9. Are you SOC 2 Type 2 certified?
  • 10. Will you sign a BAA if my workflow touches PHI?
  • 11. What is the all-in 12-month cost?
  • 12. What scope is outside your competence?

Red flags during selection

  • Pricing opacity until NDA signed.
  • Refusal to provide a customer reference call.
  • Contract longer than 90 days for SMB scope.
  • No SOC 2 or BAA when required.
  • Vague answers on data handling, retention, and training.
  • No documented evals or quality measurement.
  • Sales team different from delivery team.

How to score vendors

Build a simple weighted scorecard before any vendor demos: list the dimensions above, weight each by your priorities (security may matter more than capability for regulated workloads; capability may matter more than cost for revenue-generating workflows), score each vendor 1-5. The scorecard prevents demo-induced bias and produces a defensible record if the choice is questioned later.

What it means for your business

Most bad AI engagements trace back to vendor selection, not vendor execution. The half-day spent on a scorecard saves the six-month wind-down you avoid.

  • AI Readiness — AI readiness is whether an organization can actually deploy AI safely and usefully. Definition, dimensions, and a practical SMB checklist.
  • AI ROI — AI ROI is the measurable financial return from an AI deployment. Definition, calculation, and the common traps that fake the numbers.
  • AI Implementation — AI implementation is the end-to-end process of deploying an AI workflow from scoping through production. Phases, timeline, and SMB common pitfalls.
  • Build vs Buy AI — The build-vs-buy decision for AI depends on scope, talent, time horizon, and total cost. A practical decision framework for SMB owners.
  • Enterprise AI vs SMB AI — Enterprise and SMB AI projects share technology but differ in budget, scope, timeline, and vendor type. Comparison framework for SMB buyers.
← Back to the full glossary