In 2016, the GDPR raised awareness of a vital component of an organization’s security: subprocessors. Subprocessors play a critical role in an organization's operations that have or potentially will have access to production, infrastructure, or customer data. A part of GDPR compliance is the legal requirement that Data Processing Agreements are in place between an organization and its vendors to ensure transparency.
The GDPR has forced organizations to think about the security of their subprocessors by performing due diligence through a vendor risk assessment or, as we know it best, a questionnaire. It’s important to understand that we’re all a part of the security web, especially in the SaaS world. A significant amount of data breaches occur through a third-party vendor and are not always detected immediately, as we saw from the Okta breach earlier this year.
Most organizations have a static subprocessor list published on their website to inform potential and current customers. Typically updates to this page is a tedious process that requires coordination between security, legal, and engineering and following an organization’s change management process. Today we are happy to announce SafeBase’s new Subprocessors feature, which allows customers to easily display their subprocessors in the Legal card of their SafeBase Security Portal. Instead of having to file a pull request to add in a new subprocessor, security and legal teams simply have to login to SafeBase and make the addition with just a few clicks. Updating a subprocessor list has never been easier.
Simply search for the subprocessor and watch it magically populate with the corresponding company logo and link. Once added, you can freely add text in the “Additional Details” section. This section can describe the purpose of processing, the data they have access to or anything else you’d like to share.
After updating your subprocessors, don’t forget to notify your customers with a Trust Center Update. A Trust Center Update makes it easy to communicate changes or updates with your customers and prospects. Continue to maintain your organization’s security transparency by publishing an update today! SafeBase is excited to share this subprocessor feature with our customers because we know this is a large part of building and maintaining trust with customers.