A practical checklist for a Claude security review: the data, access, compliance, and contractual questions to run before signature, and how to fold them into the commercial negotiation while you still hold leverage.
A security review of Anthropic is, in practice, a structured way of answering one question: can we run the workloads we intend to run on Claude without taking on risk our policies do not allow? The mistake teams make is to treat the review as a box-checking exercise that runs in parallel with the commercial deal and never touches it, when the two are tightly coupled: the security findings determine what you are willing to sign, and the commercial negotiation is the moment you have the leverage to get security commitments written into the agreement. A review that produces a clean report but no contractual protections has done half the job. This checklist is organized around the areas a serious review covers. Throughout, the emphasis is on turning each finding into a commitment in the document rather than a reassurance in a meeting, and on scheduling the review so it informs the negotiation instead of trailing behind it.
Start where the risk concentrates: what happens to the data you send and receive. The core questions are whether your inputs and outputs are used to train models, how long your data is retained and for what purpose, and what other operational uses of your data the terms permit (safety or abuse monitoring, for example). For commercial enterprise use the default position is favorable (customer data is not used to train models), but a review confirms this for your specific agreement rather than assuming it, and treats training and retention as separate questions, because a clear answer on one says nothing about the other: data excluded from training can still be retained, and a short retention window does not by itself rule out training use. Equally important is establishing which product terms govern your usage, since an enterprise may touch more than one offering and the data terms can differ between them. The output of this section is not a yes or no; it is a precise description of the data lifecycle, captured in language that can be carried into the contract, so the protections you rely on are enforceable rather than merely stated.
The next area is who can reach your data and under what controls. On the vendor side, establish how internal access is restricted, what authentication and access controls are exposed to you as a customer, and how your usage is isolated from other tenants. On your own side, the review covers how your team will administer the deployment: how seats and API keys are provisioned, rotated and revoked; how single sign-on and role-based access are enforced rather than merely offered; and what logging is available to you so you can reconstruct who used what, and when. Access risk is as often a matter of your own administration as of the vendor's controls, and the most common gap is a control that exists in the product but was never switched on, so verifying actual configuration, not feature availability, belongs in the review. The aim is to be able to state, with evidence, who can see your data, how that access is governed, and how you would detect and respond to access that should not have happened.
Most enterprise reviews require independent evidence rather than self-assertion, and this is where attestations and certifications come in. Request the relevant reports and certifications (the SOC 2 Type II report and ISO 27001 certificate a security team expects from any serious vendor, plus any penetration-test summary on offer) and read them rather than filing them, because the value is in the scope, the period covered and the exceptions noted, not in the existence of a document. Confirm that the scope actually covers the products and services you intend to use; a report that excludes the specific offering you are buying, or that carves out the subprocessors it depends on, provides less assurance than it appears to. Where your industry imposes specific obligations (healthcare, financial services, public sector), check that the vendor can meet them and that any required arrangements, such as a business associate agreement where protected health information is involved, are actually in place. The output is a documented basis for trusting the vendor's controls, grounded in independent evidence whose scope you have verified rather than assumed.
For many buyers, where data is processed and stored is not a preference but a legal requirement, and the review must establish what residency options exist and whether they satisfy your obligations. This is especially acute for organizations operating across borders or under regimes that constrain where regulated data may go. The review should determine the available regional options, confirm they cover the jurisdictions you are bound to, and be precise about what a residency commitment actually covers: storage at rest, processing, or both, and whether vendor support access from other regions is included or excluded. Capture the resulting commitment in the agreement so it is enforceable rather than aspirational. Residency is one of the areas where a default may not match your requirement, so it deserves explicit attention rather than an assumption that the standard configuration will do. Establishing this early also matters commercially: if a residency requirement constrains your options it shapes the deal, and you want to know that before the commercial terms are set rather than discover it afterward.
A review should not assume nothing will ever go wrong; it should establish what happens when something does. That means understanding the vendor's commitments around availability, what counts as a reportable security incident and within what window you will be notified, who your contact is during an event, and what your own obligations and options are. For a workload that becomes important to your operations, the continuity question is real: what is your fallback (a second provider, a degraded mode, a manual process), how quickly could you invoke it, and what does the agreement say about notification and support during an incident. These are not reasons to avoid the vendor; they are the ordinary diligence of depending on any external service, and capturing the relevant commitments in the agreement is part of converting the review into enforceable protection rather than a hopeful assumption that incidents will be handled well.
This is the step that separates a review that protects you from one that merely informs you. Every material finding (the data handling commitments, the access controls, the residency arrangement, the incident notification expectations) should be reflected in the binding agreement rather than left to a policy page or a verbal assurance. The reason to insist on this is not distrust; it is that the things you rely on belong in the document where they are enforceable and durable, and a policy that is described one way today can be described differently later unless it is contractually fixed. Watch in particular for terms that incorporate online documents by reference and let the vendor update them unilaterally: either pin the version you reviewed or require notice of changes, and check the order-of-precedence clause so the negotiated terms prevail over the referenced ones. The practical discipline is to maintain a list of the commitments your review requires and to treat getting them into the agreement as a deliverable of the negotiation, not an optional extra. A review whose findings never make it into the contract has identified the risks without securing the protections, which is the most common way thorough security work fails to actually reduce risk.
The single most valuable piece of timing advice is to run the security review on a schedule that lets it inform the commercial negotiation, because the leverage to get security commitments written into the agreement is highest before signature, while the deal is still open. A team that closes the commercial terms first and then tries to tighten the data, access and residency language afterward has surrendered the leverage that came from the deal not yet being done. The security review and the commercial negotiation should run together, so that the protections your review requires are secured at the same moment you are negotiating the rate and the term, as one coherent deal rather than two disconnected workstreams. This is also where the commercial and security interests align: a buyer who arrives at the table with a clear, evidenced set of security requirements is taken more seriously on every dimension of the deal, including price. The review is not a hurdle before the negotiation; it is part of the negotiation, and treating it that way is how you get both a secure deployment and a well negotiated agreement.
A security review is only as valuable as the protections it secures, and the protections are secured in the contract, during the negotiation, not after it. We run the review and the commercial negotiation together so the findings become enforceable terms and the deal is strong on price and protection alike. To run yours with us, book a call, and read the pillar guide, the token optimization playbook, for the full framework. This page is general guidance for buyers and not legal advice.
Book a strategy call. We will run the security review alongside the negotiation so the findings become enforceable terms.