Subprocessor
Definition
A third party engaged by a vendor (the processor) to perform part of the service that involves the organisation's data. Under GDPR and India's DPDP Act 2023, the controller's data protection obligations flow down to subprocessors, so a TPRM programme must extend to subprocessors of critical vendors, not just the vendor itself.
Related terms
- Due diligence questionnaire (DDQ): A structured questionnaire sent to a prospective vendor before onboarding, asking the vendor to describe its security controls, certifications, incident history, subprocessor...
- Offboarding controls: The set of actions taken when a vendor relationship ends: revoking access credentials, recovering or destroying shared data, terminating network connectivity, and...
- Right-to-audit clause: A contractual provision that gives the organisation the right to audit or assess the vendor's security controls, either directly or through a...
- Third-party risk: The information security, operational, legal, or reputational risk introduced to an organisation by its relationships with external parties including vendors, suppliers, cloud...
- Vendor tiering: The classification of vendors into risk tiers, typically Tier 1 (critical), Tier 2 (significant), and Tier 3 (low), based on factors such...
Explained in
- Third-Party Risk Management Programme