Navigating the AI hype: Structured evaluation for AI providers


We enhanced the well-established StarAudit questionnaire to include a comprehensive AI provider evaluation.
Outcome
In collaboration with our client, we have developed a practical questionnaire designed to qualify AI providers. This comprehensive questionnaire addresses the critical areas necessary for AI compliance. It is aligned with the structure of the AI Act, with a particular emphasis on the requirements for high-risk AI systems.


Numbers and facts
44 closed-ended questions for evaluating providers of AI services.
30 open-ended questions for describing the AI service in accordance with the AI Act.
8 different sections for a holistic assessment.
5 internationally recognized laws and frameworks used.


About StarAudit
StarAudit is designed and provided by EuroCloud Europe, an independent non-profit organization renowned for its extensive international network of accredited partners and experts. It represents an advanced certification tool as well as a comprehensive questionnaire for evaluating cloud services. This questionnaire addresses the increasingly complex demands for transparency, compliance, security, and data protection in cloud usage. With StarAudit, cloud services are evaluated across seven distinct areas using questions with predefined answer choices.
Why the new AI Area
Employing AI introduces numerous new challenges and risks for companies and organizations. With so much information available, it is easy to lose track of what truly matters. The new AI Area in StarAudit provides a structured framework to cover the most critical topics through targeted questions. This makes it possible to determine quickly whether a provider is mature enough and whether a use case is feasible. It thus helps to bring clarity to the complex AI risk landscape.
The process
Sourcing International partnered with a client to conduct a comprehensive assessment of risks and challenges associated with both current and planned AI use cases. The goal was to ensure legal, technical, and organizational compliance in alignment with international standards and the evolving AI Act.

We began by mapping and consolidating multiple internationally recognized frameworks, including the NIST AI Risk Management Framework, AIC4, IDW PS 861, and the EU AI Act, into a unified and structured questionnaire. This allowed us to systematically evaluate provider maturity and service compliance across key dimensions. Recognizing that these frameworks do not fully address emerging legal risks and sector-specific nuances, we initiated a series of expert interviews with leading jurists from the International Network of Privacy Law Professionals (INPLP). Their insights were instrumental in shaping the legal depth and practical relevance of our questions.

One of the main challenges was to harmonize differing terminologies and conceptual approaches across the various frameworks while bridging the gap between legal and technical interpretations. In addition, it was crucial to design the questionnaire in a way that made it both practical and sufficiently comprehensive for a wide range of stakeholders, including procurement, legal, IT security, and business departments. To meet these requirements, we adopted an iterative development process, working closely with internal teams and external experts and integrating feedback in structured weekly review cycles.

The finalized questionnaire underwent expert review by analysts from Gartner and Microsoft. Their valuable insights were integrated into the framework, further enhancing its rigor, practical relevance, and credibility as a robust tool for evaluating AI providers.
