Tenali AI Docs
Security & Privacy

Subprocessors and Vendors

How to communicate vendor responsibilities, review cadence, and change-management expectations.

Customers need transparency on which external providers support service delivery and what safeguards govern those relationships.

Subprocessor Governance

  • Maintain a current inventory of customer-data-impacting vendors.
  • Assess security posture before onboarding new vendors.
  • Track contractual obligations for privacy and security.

Customer-Facing Information

Provide at minimum:

  • vendor name and function,
  • data categories handled,
  • region/transfer considerations,
  • notification process for material changes.

Review Cadence

  • Revalidate subprocessor controls on a fixed cadence.
  • Reassess when vendors change processing scope.
  • Update customer-facing documentation after approved changes.

Escalation Triggers

  • New vendor touching customer content
  • Major vendor incident affecting confidentiality/integrity/availability
  • Customer contractual requirement for pre-approval notifications

Was this page helpful?

Access Controls and Auditability

Role model, privileged access handling, and audit evidence expectations for enterprise buyers.

Security Review Process

Runbook for sales, security, and legal teams to answer enterprise security reviews efficiently.

On this page

Subprocessor GovernanceCustomer-Facing InformationReview CadenceEscalation Triggers