Marisa DiMuro

In 2016, the introduction of the General Data Protection Regulation (GDPR) drew attention to a vital component of an organization's security landscape: subprocessors. These critical elements within an organization's operations either have or may potentially gain access to production data, infrastructure resources, or customer information. Understanding the essential role that subprocessors play is fundamental to successfully managing data privacy and security.

Under the rules of GDPR, a legal prerequisite for compliance involves the establishment of Data Processing Agreements between an organization and its vendors. These agreements are put in place to promote transparency and ensure that all parties are held accountable for the data they manage. The GDPR has effectively forced organizations to scrutinize their subprocessors' security practices and perform due diligence through a vendor risk assessment or, as it is more commonly known, a questionnaire.

In the interconnected world of Software as a Service (SaaS), we must understand that each of us plays a role in the security web. It's crucial to acknowledge that a significant amount of data breaches occur through a third-party vendor. These breaches are not always detected immediately, leading to potentially disastrous consequences, as we saw from the Okta breach earlier this year.

The vast majority of organizations publish a static list of their subprocessors on their website as a means of keeping both potential and current customers informed. However, the updating of this list can often be a cumbersome process that requires extensive coordination between security, legal, and engineering departments. This task often involves adhering to an organization's intricate change management process.

Introducing the Subprocessors Feature

Today, we are thrilled to announce a solution to this issue: SafeBase’s new Subprocessors feature. This innovative function allows customers to effortlessly showcase their subprocessors in the Legal card of their SafeBase Security Portal. This user-friendly approach eliminates the need for filing a pull request to add a new subprocessor. Instead, your team can simply log into SafeBase and make the addition with just a few clicks, making the updating of a subprocessor list a breeze.

Subprocessors in the Legal card of your Security Portal

With our feature, all you need to do is search for the subprocessor, and it will instantly populate with the corresponding company logo and link. Once added, you have the freedom to include additional details about the subprocessor in the designated section. This segment can cover a variety of topics such as the subprocessor's purpose of processing, the types of data they have access to, or any other relevant information you wish to share.

However, the process does not end with the updating of your subprocessors. It's important to keep your customers in the loop about these changes by using a Trust Center Update. This function simplifies the process of communicating updates or changes to your customers and prospects, thereby maintaining your organization's commitment to security transparency.

SafeBase is enthusiastic about sharing this new subprocessor feature with our customers. We believe that this function will significantly contribute to building and maintaining trust with our clients. With cybersecurity breaches becoming increasingly prevalent, ensuring that your customers are informed about who has access to their data is more important than ever. Transparency and trust form the foundation of any successful business relationship, and SafeBase is committed to helping organizations foster and uphold these essential values.

SafeBase is the scalable Trust Center that automates the security review process between buyers and sellers. With a SafeBase Trust Center, companies can seamlessly share sensitive security documentation with buyers and customers, including streamlining the NDA signing process by integrating with your CRM and your data warehouse. 

If you’re ready to take back the time your team spends on security questionnaires, create a better buying experience, and position security as the revenue-driver it is, get in touch with us.