Holding · last review 26 Apr 2026

An SMB AI vendor evaluation defensible to the typical cyber-insurance reasonable-care expectation can be completed in 90 minutes by walking through five questions in order — model provenance, data residency, sub-processor list, breach history, termination clause — each answered from the vendor's public site or the contract about to be signed.

Editorial framework piece. Each question maps to a specific public artefact (Trust Center, DPA, sub-processor list, security/incident page, termination clause) such that absence of the artefact is itself the answer. Not a substitute for ISO 27001 or SOC 2; not a guarantee. Pairs with OPS-011 (use-case filter) — vendor selection happens after the use case clears OPS-011's filter.

Published: 26 Apr 2026
Last reviewed: 26 Apr 2026
Next review: +43d · 26 Jun 2026
Cohort: 5-50p SMB about to sign with AI vendor
Cadence: 60-day
Sample: editorial framework citing GDPR Art. 28, ISO/IEC 42001, Anthropic + OpenAI Trust Centers
Sibling claim: OPS-011 · Picking your first AI agent: the 4-question filter for SMBs

About this register

The Operators register tracks claims published from practitioner-advisory pieces addressed to solo founders, micro-SMB, and small businesses up to around fifty people. Claims are reviewed on a 30–45 day cadence — tooling and SMB-relevant pricing shift faster than enterprise procurement signals.

Recent corrections in Operators

  • OPS-036 · Partial · 29 Apr 2026

    Initial publication 29 Apr 2026. Status set to Partial at publication because clause 6 commentary references an order-of-magnitude remediation-cost gap derived from the IAPP 2024 AI Governance Profession Report; the report characterises the gap as material but does not publish a precise multiple, so the wording is annotated source: our-estimate. REVIEW: Peter to source a precise figure or amend the commentary.

  • OPS-035 · Holding · 29 Apr 2026

    Initial publication 29 Apr 2026. Status set to Partial at publication because category 5 lacks the same regulatory/cited-consequence anchor as categories 1-4. REVIEW: Peter to confirm category 5 evidence base and either upgrade to Holding (with strengthened citation) or amend the claim to four categories.

  • OPS-034 · Holding · 29 Apr 2026

    Initial publication 29 Apr 2026 with status=partial. Cost-side claims (vendor pricing) verifiable against the four cited pricing pages on the publication date. Time-recovery claim (90+ min compressed to ~20 min) drawn from published productivity-blogger benchmarks rather than Peter-run measurement; first-cohort replication on the publication's tracked operator cohort due by 13 Jun 2026. REVIEW: Peter.

Reviews coming up in Operators

  • OPS-005 · Holding · next +12d (26 May 2026)

    At sub-1M tokens per month (typical SMB agent volume) in 2026, the absolute dollar gap between Claude Haiku 4.5, GPT-4o…

  • OPS-003 · Holding · next +12d (26 May 2026)

    For a solo founder choosing exactly one consumer AI subscription at around $20/month in 2026, the choice between Claude…

  • OPS-002 · Holding · next +12d (26 May 2026)

    For a 5-person consultancy already on either Notion or ClickUp in 2026, the AI features alone do not justify a workspac…