They often list vendors without explaining what those vendors actually do, how they affect control outcomes, or where accountability sits. That leaves auditors guessing about trust boundaries. Strong documentation names the service provided, its relevance to operations, and whether the vendor’s controls are relied on directly.
#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.