LLM / AI Application Security RFP Template
Eight reusable sections covering scope, pricing, latency, integration, evaluation, residency, compliance and contract.
RFP sections (copy-paste)
1. Scope
Vendor shall provide runtime guardrail capabilities covering OWASP LLM Top 10 entries LLM01, LLM02, LLM05, LLM06, LLM07 at a minimum. Coverage of additional OWASP entries should be enumerated explicitly.
2. Pricing transparency
Vendor shall provide a written quote in USD per month for the proposed configuration. Where pricing is volume-tiered, vendor shall enumerate every tier breakpoint.
3. Latency
Vendor shall provide measured p50 and p95 latency in milliseconds for a representative payload of 1,000 chars across each filter type.
4. Integration
Vendor shall support SIEM ingestion via syslog or webhook out of the box. Vendor shall publish an OpenAPI spec for runtime APIs.
5. Evaluation
Vendor shall provide a published benchmark on a recognised dataset (HarmBench, JailbreakBench, or equivalent) with versioned results.
6. Data residency
Vendor shall confirm per-region processing, with EU residency as a hard requirement for EU AI Act scope.
7. Compliance
Vendor shall provide latest SOC 2 Type II report and ISO 27001 certificate. FedRAMP authorisation status shall be disclosed for federal scope.
8. Contract terms
Vendor shall provide list price for 1-year and 3-year commits. Vendor shall not require auto-renewal lock-ins beyond 60 days notice.
Scoring guidance
- Weight pricing transparency at 25 percent.
- Weight OWASP coverage at 30 percent.
- Weight latency at 15 percent.
- Weight integration depth at 15 percent.
- Weight compliance and residency at 15 percent.