
Does your team do supplier due diligence? Do suppliers rarely answer your questionnaires?
- This AI-powered supplier due diligence code may help you get more answers on which to base your due diligence conclusions.
- Your team might be asked to go to the supplier's website to find answers to the questionnaire questions. This code automates that using AI.
- Even if suppliers answer your questions, you can use the code to verify their answers.
Source Code
Access the GitHub repository with the full source code here: gh.com/ls/ai-for-supplier-due-diligence
The setup instructions are: gh.com/ls/ai-for-supplier-due-diligence/README
Overview of the Solution
The code leverages AI, specifically Anthropic's latest Claude model, to retrieve answers to your questions.
- AI Integration for Answering Questions
  - The script uses Anthropic's Claude model, a powerful generative AI, to retrieve answers from supplier websites.
  - Automates both the retrieval of answers and the verification process.
- Customizable Questionnaires and Contexts
  - Users can adapt sample question files (e.g., supplier_questions.tsv, supplier_questions.xlsx) to their specific needs.
  - A context.tsv file specifies supplier websites from which Claude retrieves answers.
- Verification & Cross-Referencing
  - Even if suppliers provide responses, the AI can verify them by comparing them against publicly available data from supplier websites.
- Example Use Case
  - Scenario: Evaluating Sentry for ISO 27001 and SOC2 certifications.
  - Outcome: AI confirms certifications based on data retrieved from predefined websites and provides additional security insights.
How It Works
- Setup
  - Initialise and configure your Anthropic account to use Claude.
- Prepare files
  - Question Files: Specify the due diligence questions (e.g., "Is the supplier ISO 27001 certified?").
  - Context File: List supplier websites where AI can search for answers.
- Processing
  - The script reads the questions and corresponding websites.
  - Claude processes the context and generates answers.
- Output
  - The script matches questions with AI-generated answers.
  - Provides detailed insights, URLs for reference, and notes.
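The Output step, sketched as an added example (not the repository's code): it matches a constructed Claude-style answer to the question labels and checks that every URL the answer cites sits on a host listed in the context file, so unsourced or off-context claims go to a human reviewer. The answer layout, the function names and the in-memory question and context lists are assumptions standing in for the real files.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs; the repository's real file formats may differ.
QUESTIONS = ["ISO 27001", "SOC2"]                      # labels from the question file
CONTEXT_URLS = ["https://sentry.io/security/",         # websites from the context file
                "https://sentry.io/trust/"]
ANSWER = """Based on the provided resources:
ISO 27001: Yes, Sentry is ISO 27001 certified.
URL resources:
- Security certifications overview: https://sentry.io/security/
- Third-party summary: https://sentry.io.example.net/certs
"""

def match_answers(questions, answer_text):
    """Map each question label to its 'Label: answer' line, or None if absent."""
    result = {}
    for q in questions:
        m = re.search(rf"^{re.escape(q)}\s*:\s*(.+)$", answer_text,
                      re.MULTILINE | re.IGNORECASE)
        result[q] = m.group(1).strip() if m else None
    return result

def check_references(answer_text, context_urls):
    """Return (url, on_context_host) for every URL cited in the answer."""
    # Exact hostname comparison: a substring test would accept look-alike hosts.
    hosts = {urlparse(u).hostname.lower() for u in context_urls}
    checked = []
    for raw in re.findall(r"https?://[^\s)>\"']+", answer_text):
        url = raw.rstrip(".,")
        checked.append((url, (urlparse(url).hostname or "").lower() in hosts))
    return checked

def review(questions, answer_text, context_urls):
    """Return (rows, off_context_urls); rows are (question, answer, status)."""
    refs = check_references(answer_text, context_urls)
    grounded = bool(refs) and all(ok for _, ok in refs)
    rows = []
    for q, a in match_answers(questions, answer_text).items():
        if a is None:
            status = "unanswered"
        else:
            status = "sourced" if grounded else "manual review"
        rows.append((q, a, status))
    return rows, [u for u, ok in refs if not ok]

if __name__ == "__main__":
    for row in review(QUESTIONS, ANSWER, CONTEXT_URLS)[0]:
        print(row)
```

A "sourced" status only means the cited URLs are on the supplier hosts you listed; whether the page actually supports the claim still needs a reviewer or a certificate request.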

Based on the provided resources:
ISO 27001: Yes, Sentry is ISO 27001 certified.
SOC2: Yes, Sentry maintains SOC 2 Type II certification.
Additional notes:
- Sentry undergoes regular third-party audits to maintain these certifications
- Their security certifications are verified annually
- They maintain compliance with multiple international standards and frameworks
- Certifications cover their application monitoring and error tracking services
URL resources:
- Security certifications overview: https://sentry.io/security/
- Detailed compliance information: https://sentry.io/trust/
- You can request their security documentation and certificates by contacting security@sentry.io
The code logic then extracts the answers and matches them with the questions to produce this result:

Enhancing Your Due Diligence Practices
If you’re developing or revising your supplier due diligence questionnaires, consider these resources for inspiration:
- Cloud Security Alliance – CAIQ v4
- UpGuard – Vendor Due Diligence Questionnaire Templates
- Diligent – Supplier Due Diligence Resources
- Sample Supplier Diligence Questionnaire
Why Use AI for Supplier Due Diligence?
- Efficiency
  - Automates a labor-intensive process.
  - Reduces dependency on supplier cooperation for answering questionnaires.
- Accuracy
  - Ensures responses are backed by verifiable data from supplier websites.
  - Minimizes human error in data collection and analysis.
- Scalability
  - Handles large-scale supplier assessments simultaneously.
  - Easy to customize for diverse industries and supplier types.
- Transparency
  - Provides references and clear documentation for audit trails.
Conclusion
Supplier due diligence is critical to mitigating business risks and ensuring a secure supply chain. By leveraging AI-powered automation to find answers for supplier due diligence questions, your team can:
- Save time.
- Enhance reliability and accuracy of assessments.
- Focus on strategic decision-making instead of manual data collection.
This approach modernizes due diligence processes and strengthens your organization’s risk management capabilities.