Sub-Processor Collection
New: Sub-Processor Collection in VISO TRUST
To give you deeper insight into your vendor ecosystem, VISO TRUST now collects and displays sub-processor information for vendors that fall within your privacy program’s scope.
What is a Sub-Processor?
A sub-processor is any third-party vendor that a service provider (your vendor) uses to process personal data on your behalf. These sub-processors often provide infrastructure services (like cloud storage), specialized functions (like payment processing or analytics), or other operational support that involves access to customer data.
Tracking sub-processors is critical for maintaining transparency, assessing privacy risk, and ensuring compliance with data protection regulations such as GDPR and CCPA.
How It Works
If the Privacy risk dimension is enabled and in-scope for a relationship, VISO TRUST will now:
- Prompt vendors to provide a list of sub-processors, either by uploading a document (e.g., Sub-Processor Disclosure Statement) or by manually entering the information.
- Extract sub-processor evidence from other submitted artifacts, such as data processing agreements (DPAs), SOC 2 reports, or privacy policies.
- Display the sub-processor list directly in the platform for easier review and risk analysis.
Where to Find Sub-Processor Information
Privacy Risk Dimension
In the Risk Analysis tab of the Relationship Details Page, you’ll see the Privacy risk dimension. If sub-processor information is available, it will be listed under the Sub-Processor Management control domain.
Relationship Graph View
Sub-processors are also mapped in the Relationship Graph as nth parties. This gives you extended visibility into your vendors’ vendors, helping identify potential nth-party risk and areas where sensitive data could be further exposed.
