AI Inventory

AI Inventory Template: Complete Guide

Step-by-step guide to building a complete AI systems inventory. Includes templates, examples, and best practices for documenting third-party and internal AI systems.

Published: January 2025

Introduction

A complete AI systems inventory is the foundation of your Evidence Pack. It documents all AI systems in use, including third-party tools and shadow usage.

This guide provides a step-by-step approach to building your inventory, with templates and examples you can use.

What to Include

Your AI inventory should capture the following information for each system:

Required Fields

• System Name: Clear, descriptive name
• Purpose: What the system is used for
• Type: Third-party, internal, or both
• Vendor/Provider: If third-party, who provides it
• Risk Classification: High, limited, or minimal risk
• Data Types: What data the system processes
• Owner: Who is responsible for the system
• Status: Active, deprecated, or in development

Discovery Process

Finding all AI systems in use can be challenging. Use these approaches:

1. Survey Teams

Survey all teams about AI tools they use. Ask about customer support tools, analytics platforms, content generation, and automation tools.

2. Review Vendor Contracts

Review contracts with vendors to identify AI-powered features. Many SaaS tools include AI capabilities that may not be obvious.

3. Check Shadow AI

Look for unsanctioned AI usage. Check for ChatGPT, Claude, or other AI tools used without formal approval. See our Shadow AI Discovery guide.

4. Review Code and Infrastructure

Review code repositories and infrastructure for AI model usage, API calls to AI services, and ML pipelines.

Inventory Template

Example Entry

System Name: Customer Support Chatbot

Purpose: Automated customer support responses

Type: Third-party

Vendor: SupportBot Inc.

Risk Classification: Limited risk

Data Types: Customer messages, support tickets

Owner: Support Team Lead

Status: Active

What to Export as Evidence

Your AI inventory should be exportable in multiple formats:

Complete inventory as a table or spreadsheet
Summary by risk classification
Summary by owner or team
Third-party vs internal breakdown

Include the inventory as a section in your Evidence Pack PDF.

Best Practices

Be Comprehensive

Include all AI systems, even if they seem minor. Incomplete inventories raise questions with procurement teams.

Keep It Updated

Update your inventory whenever you add, remove, or change AI systems. Maintain a change log.

Document Shadow AI

Don't ignore shadow AI. Document it and establish governance. It's better to acknowledge and manage it than to have it discovered during a review.

Checklist

✓ All AI systems documented
✓ Third-party tools included
✓ Shadow AI usage documented
✓ Each system has an owner
✓ Risk classifications assigned
✓ Data types documented
✓ Inventory is exportable
✓ Change log maintained

Related Resources

Learn about Evidence Packs

Shadow AI Discovery Guide

Risk Classification Guide

Frequently Asked Questions

Related resources

→ Evidence Pack → Standards → Certification → All Resources