What Multi-Tenant Risk Looks Like on a Factory Floor
Multi-tenant means your data shares infrastructure with other customers. The risk is not just storage access. It is logging, fine-tuning pipelines, embeddings, and support tickets that can echo sensitive details like accelerators in a flooring system or moisture cure windows for sealants.
Treat this like handling trade secrets. Require written proof of isolation across storage, compute, logging, and people processes.
Non‑Negotiables for Data Isolation
Ask for concrete controls that match how your teams will use the system. Keep it simple and evidence based.
- Tenant boundary at storage and compute, including separate encryption keys per tenant with documented key rotation and revocation.
- Private networking, IP allow‑listing, and role based access. No shared service accounts for batch jobs.
- Redacted and scoped logs with time‑boxed retention that you can configure.
CISA’s joint guidance on deploying AI securely lists these as baseline engineering expectations that buyers should demand from providers. Use it to anchor your questions and your contract exhibits by linking to the guidance in your RFPs Deploying AI Systems Securely.
Draw a Bright Line on Training and Retention
Your resin recipes, mix orders, and claim narratives should not become anyone’s training data. Require the vendor to state in the contract that customer inputs, outputs, and derived artifacts are not used for model training or evaluation outside your tenancy unless you opt in.
Use the NIST Generative AI Profile to frame these boundaries. It calls for explicit documentation of data use, retention, and provenance checks across the AI lifecycle NIST Generative AI Profile. In 2026, vendor defaults still vary, so get the policy, the technical switch that enforces it, and an audit log that proves it stayed off.
Certifications That Actually Mean Something
Logos are marketing. Scope and evidence are assurance. Ask for an active ISO/IEC 27001:2022 certificate that explicitly includes the AI platform and supporting services, not just corporate IT. Confirm the statement of applicability and audit dates on the certificate registry page or the body that issued it ISO/IEC 27001:2022 overview.
Pair that with a recent SOC 2 report that covers Security, Availability, and Confidentiality. Verify the system boundary, subservice organizations, and whether controls around model training data, logs, and export are in scope AICPA SOC 2 overview.
Residency and Segmentation for Global Footprints
If you sell into the EU or host data there, require region pinned processing for prompts, files, and outputs. Ask how backup, telemetry, and incident response copy data across regions. For US plants feeding global sales, require a map that shows where embeddings, fine‑tunes, and vector stores live, including recovery sites.
Exit Options You Can Execute Under Pressure
Assume you will switch. Plan it on day one. Require self‑service export of prompts, completions, system messages, embeddings, fine‑tuned model artifacts, evaluation results, and access logs in documented, open formats. Run a 30‑day dry‑run every year.
The EU Data Act forces practical switching capabilities and phases out egress fees by January 2027, which is shaping global portability norms even for non‑EU buyers. Use those concepts to negotiate shorter transition windows and capped fees now Data Act explained.
Contract Language That Protects Formulations and Process Know‑How
Write it so your engineers can sleep.
- You own inputs, outputs, and derivatives, including embeddings and evaluation datasets.
- No training, testing, or benchmark use outside your project without written opt‑in.
- Prompt and file retention defaults to zero, with adjustable retention you control.
- Trade secret handling equals or exceeds your internal policy, with incident notification timelines that match breach obligations.
Tie every promise to a control, a log, and a remedy.
A Practical 90‑Day Pilot Pattern for 2026
Pick one narrow use case with low IP exposure. Good options include technical product Q&A on already published datasheets or guided selection inside your CPQ. Run the vendor in a private deployment mode, feed only scrubbed data, and mask any formulation fields.
Use the NIST profile as your control checklist and the CISA guidance as your build standard. Define success as an operational capability with isolation, monitoring, and a tested export, not just a demo that answers questions NIST Generative AI Profile and CISA baseline.
Red Flags That Warrant a Hard Pass
If the vendor cannot show tenant‑scoped keys, claims shared logging for “support,” refuses to contractually bar training on your data, or cannot demonstrate a working export within two weeks, do not proceed. If their ISO 27001 scope excludes the AI stack or their SOC 2 omits Confidentiality, you are accepting unnecessary risk.
What Good Looks Like in Materials Manufacturing
Your technical services team answers spec questions faster with a retrieval system that only reads published datasheets. Your operations team prototypes a foil‑safe quality trend model using anonymized sensor summaries. Your legal team holds a contract that encodes data isolation, training boundaries, and an exit that you have already rehearsed. You move forward with AI, and your competitors still have to guess your mix ratios.
