Step-by-Step Support for AI Vendor Selection and Due Diligence | Webmemo Consulting Walter Schärer

Introduction

This is a companion document to the Periodic Cube of AI Framework.
It provides a practical, step-by-step process for leveraging the framework’s multi-dimensional insights for vendor selection and due diligence.

Introduction: From Landscape to Action

The Periodic Table of AI provides a map of the complex AI technology landscape. While the map is invaluable for understanding the terrain, its true power lies in guiding strategic decisions. One of the most critical decisions for any organization adopting AI is determining which capabilities to build internally versus which to source from external vendors.

This guide provides a structured methodology to translate the framework’s insights into a robust vendor selection and due diligence process. By using the seven classification dimensions, you can move from high-level strategic planning to detailed, evidence-based vendor comparisons with confidence and clarity.

The Three Phases of Vendor Selection

We can break the process into three distinct phases, each using different dimensions of the framework to answer key questions.

Phase	Title	Key Question	Primary Framework Dimensions Used
1	Strategic Assessment & Shortlisting	What should we buy, and who are the potential providers?	`Build vs Buy`, `Criticality`, `TRL`, `Org. Ownership`
2	Deep-Dive Evaluation & Due Diligence	Which specific vendor best fits our needs?	`Cost Structure`, `Human Intensity`, `SFIA Category`
3	Integration & Risk Planning	How will this solution fit into our ecosystem and what could go wrong?	`Criticality`, `Org. Ownership`, `Build vs Buy`

Phase 1: Strategic Assessment & Shortlisting

Goal: To identify which components of the AI stack are the best candidates for external sourcing and to create a preliminary list of potential vendors.

Step 1.1: Identify "Buy" and "Integrate" Candidates

Start by using the Build vs Buy vs Integrate visualization as your primary filter. Identify all components classified as «Buy,» «Integrate,» or «Hybrid.» These are your initial candidates for vendor sourcing. Components marked as «Build» are typically poor candidates for off-the-shelf solutions as they often represent unique, proprietary business logic or processes.

Step 1.2: Prioritize Based on Criticality and Maturity

Not all «Buy» candidates are equal. You must prioritize where to focus your evaluation efforts. Cross-reference your candidate list with two other dimensions:

Criticality / Risk Level: Focus your initial efforts on vendors for Mission-Critical and High Priority components. These have the biggest impact on your AI system’s success, and making the right vendor choice here is paramount.
Technology Readiness Level (TRL): Assess the market maturity. Sourcing a vendor for an Established technology (e.g., Version Control) is lower risk than for an Emerging one (e.g., Multi-Agent Interoperability). For emerging tech, you may need to consider startups or specialized firms and perform more rigorous due diligence later.

Step 1.3: Assemble the Decision Team

Use the Organizational Ownership dimension to identify the key internal stakeholders who must be involved in the selection process. For example, if you are evaluating a «Control & Risk Catalog» (owned by Security/Compliance), your security and legal teams must be involved from the very beginning. This ensures that all relevant expertise is leveraged and secures buy-in from the teams who will ultimately manage the solution.

Step 1.4: Create a Vendor Longlist

With a prioritized component and a decision team in place, conduct market research to create a «longlist» of 5-10 potential vendors. Use standard search queries and consult industry analyst reports. The goal at this stage is to identify all plausible players in that specific market segment.

Outcome of Phase 1: A prioritized list of 1-3 AI components to source externally, a dedicated cross-functional team for the decision, and a longlist of potential vendors for the top-priority component.

Phase 2: Deep-Dive Evaluation & Due Diligence

Goal: To systematically evaluate the shortlisted vendors and select the one that best aligns with your technical, financial, and operational requirements.

Step 2.1: Define Evaluation Criteria with the Framework

Transform the framework dimensions into specific questions for your Request for Proposal (RFP) or evaluation checklist. This moves the discussion from abstract concepts to concrete vendor capabilities.

Framework Dimension	Evaluation Questions for Vendors
Cost Structure	– Provide a detailed pricing model. Is it based on usage, per-seat licenses, or a flat fee? – What is the estimated Total Cost of Ownership (TCO) over three years, including support, training, and infrastructure? – Does your model align with our preference for OpEx or CapEx?
Human-in-the-Loop Intensity	– Describe the typical workflow for using your tool. How much manual configuration and ongoing management is required? – What level of automation does your product provide for this task? – What skills are required for an end-user to be successful with your platform?
SFIA Activity Category	– What training, documentation, and professional services do you offer to support our team? – How does your product roadmap align with the key activities of a `Data Scientist` vs. a `Platform Engineer`? – Show us how your tool improves the productivity of the roles associated with this SFIA category.
Technology Readiness Level (TRL)	– How long has this product been on the market? Provide customer case studies and references. – What is your product roadmap for the next 12-24 months? – How do you handle security vulnerabilities and product updates?

Step 2.2: Score and Rank Vendors

Use a weighted scoring matrix to compare vendors against your defined criteria. The «Criticality» dimension can help you set the weights. For a «Mission-Critical» component, criteria related to security, reliability, and support should have a higher weight. For an «Enhancing» component, criteria related to cost and ease of use might be more important.

Step 2.3: Conduct Rigorous Due Diligence

For the top 1-2 vendors, conduct deep-dive due diligence. This is where you verify the claims made during the sales process.

Technical Due Diligence: Involve the Organizational Ownership team (e.g., ML/AI Engineering) to conduct a Proof of Concept (PoC). Test the vendor’s APIs, assess performance, and validate integration capabilities.
Security Due Diligence: The Security/Compliance team should review the vendor’s security certifications (e.g., SOC 2, ISO 27001), data privacy policies, and conduct a security assessment.
Financial Due Diligence: Review the vendor’s financial stability, especially for startups in «Emerging» TRL categories. You need a partner who will be around for the long term.
Reference Checks: Speak to existing customers who have a similar use case and scale.

Outcome of Phase 2: A single, selected vendor, backed by a comprehensive evaluation report and due diligence findings.

Phase 3: Integration & Risk Planning

Goal: To ensure a smooth implementation of the vendor solution and to proactively manage potential risks.

Step 3.1: Plan the Integration Strategy

Revisit the Build vs Buy vs Integrate dimension. If you chose a «Hybrid» or «Integrate» solution, your work is not done. You need a clear plan for the «Build» portion.

Define Integration Points: Map out exactly where the vendor’s solution will connect to your existing systems.
Allocate Internal Resources: Assign engineers from the responsible Organizational Ownership team to build the necessary connectors, APIs, or custom code.
Establish a Timeline: Create a project plan that includes both vendor implementation tasks and internal integration development.

Step 3.2: Develop a Risk Mitigation Plan

Use the Criticality dimension to guide your risk management efforts. The more critical the component, the more robust your contingency plan needs to be.

For Mission-Critical Components: What is your plan if the vendor has a major outage? Do you have data backups? Is there a potential alternative vendor you could switch to in an emergency? What are the contractual SLAs for uptime and support?
For High Priority Components: What is the impact of a performance degradation? How will you monitor the vendor’s service and your integration points?

Step 3.3: Finalize Ownership and Governance

Formalize the roles and responsibilities for managing the vendor relationship and the new solution post-launch. The Organizational Ownership dimension provides the starting point.

Primary Owner: The designated team is responsible for day-to-day operations, user support, and managing the vendor relationship.
Governance Team: For critical components, establish a cross-functional governance team (including Security/Compliance and Business/Product) to oversee performance, cost, and value realization over time.

Outcome of Phase 3: A comprehensive implementation plan, a risk register with mitigation strategies, and a clear governance model for the new solution.

By systematically applying the Periodic Table of AI framework, you can transform vendor selection from a subjective, often chaotic process into a structured, data-driven strategic function that minimizes risk and maximizes the value of your AI investments.