Vendor risk teams have a well-worn playbook for SaaS: certifications, data-processing terms, subprocessors, breach notification, exit rights. AI providers fit that playbook — the trap is aiming it at the wrong party. Depending on which door you use to reach Claude, the party operating the service, processing your data, and holding your contract changes. Sort that out first and the rest of the assessment falls into place.
Step one: identify who you are actually assessing
On the first-party Claude API and on Claude Platform on AWS (Anthropic-operated, running on AWS), Anthropic is the operator, and for commercial customers Anthropic describes itself as a data processor acting on the customer's instructions. On Amazon Bedrock and Google Cloud, Anthropic's own documentation is explicit that the cloud provider is the data processor, and directs customers to those platforms' data retention and compliance policies for equivalent controls; Microsoft Foundry deployments likewise sit inside your Microsoft relationship. So a Bedrock deployment is primarily an AWS vendor assessment — likely already largely done if AWS is your incumbent cloud — with Anthropic as the model developer behind the service. A first-party deployment is an Anthropic assessment. Aim your questionnaire accordingly.
What Anthropic publicly documents
When Anthropic is the party under review, several answers are on the public record rather than questionnaire-only:
- Certifications. Anthropic states it has obtained SOC 2 Type I & Type II, ISO 27001:2022 (information security management), ISO/IEC 42001:2023 (AI management systems), and offers a HIPAA-ready configuration with a BAA available. Anthropic's stated scope is its commercial products, such as Claude for Work and the Anthropic API — excluding consumer products. ISO/IEC 42001 is notable as the first international standard for AI governance; Anthropic announced accredited certification (issued by Schellman Compliance, an ANAB-accredited body) in January 2025.
- Compliance documentation. Copies of reports and further documentation are requested through the Anthropic Trust Center (trust.anthropic.com) — the natural first stop for your security review packet.
- Training and retention defaults. By default, inputs and outputs from commercial products are not used to train models (explicit feedback is the documented exception), and Claude API inputs/outputs are deleted within 30 days by default, with contractual zero-data-retention arrangements available. See retention and deletion practices for the full picture, including documented exceptions.
Do not silently extend these to the cloud platforms: a certification held by Anthropic for its API is not evidence about Bedrock, Vertex AI, or Foundry. Those deployments inherit your cloud provider's compliance posture — verify certifications, BAAs, and data-handling terms directly with that provider.
The checklist to run with your provider
| Area | What to verify |
|---|---|
| Data processing | Who is the processor for this deployment path; where retained data resides; retention periods and deletion mechanics |
| Certifications | Which attestations cover the specific service you will use, at what scope; obtain the reports, not the badge list |
| Subprocessors | The provider's current subprocessor list and change-notification mechanism (provider-published; review with counsel) |
| Breach notification | Contractual notification commitments and channels — set by your agreement with the provider; confirm timelines in the contract itself |
| Training use | Written confirmation that your inputs/outputs are not used for model training under your terms |
| Regulated data | If PHI or similar is in scope: the specific arrangement (e.g., BAA) covering the specific platform — not an adjacent one |
| Exit | What you can export, what gets deleted on termination, and how model access ends |
Two hedges worth keeping verbatim in your report: breach-notification timelines and subprocessor terms are contractual matters that vary by agreement — this guide cannot state them for you — and no certification is a regulatory conclusion about your use case. Your counsel maps attestations to obligations.
Reassess on change, not just on calendar
Annual reviews are table stakes; AI services also change mid-cycle in ways that matter — new models with different retention requirements (Claude Fable 5, for example, requires 30-day retention and is not ZDR-eligible), new stateful features that sit outside a ZDR arrangement, new platform capabilities. Add "material service change" triggers to the reassessment policy, and assign an owner to watch the platform's release documentation.
Where to go next
If the vendor is a SaaS product with Claude inside rather than a platform, use the companion checklist. For the compliance-inheritance logic, see compliance inheritance and legal and procurement basics.