Vendor & Sub-processor Management Policy

Verification Expired

Updated today

โ€ข

2 min read

Purpose

Define how Perfect Wiki selects, onboards, monitors, and offboards third-party vendors โ€” particularly sub-processors that handle customer data.

Scope

All third parties that store, process, or transmit Perfect Wiki customer data, or that materially affect the security or availability of the Perfect Wiki service.

Selection criteria

  • Vendor publishes a clear security posture and has an industry-recognized certification (SOC 2, ISO 27001) or a credible equivalent.
  • Vendor's terms include a Data Processing Agreement compatible with GDPR.
  • Vendor's data-handling locations and sub-processors are acceptable for Perfect Wiki's data-residency commitments.
  • Vendor has a documented incident-notification process for customer-impacting events.

Onboarding

  1. Document the data category that will be shared with the vendor and the business purpose.
  2. Execute the vendor's standard contract, including DPA, with terms requiring confidentiality and security controls at least equivalent to Perfect Wiki's own.
  3. Add the vendor to the public Sub-processors page if it processes customer data.
  4. Notify customers in advance of new sub-processors per the DPA notice period; customers may object to new sub-processors per the DPA.

Ongoing monitoring

  • Subscribe to vendor security advisories and status pages.
  • Review the sub-processor list at least annually for continued necessity and acceptable risk.
  • Track vendor-side incidents that affect Perfect Wiki customer data; communicate to customers per the Incident Response Plan.

Offboarding

  • Disable access credentials promptly when a vendor relationship ends.
  • Confirm vendor returns or deletes customer data per the DPA and retain evidence of the deletion confirmation.
  • Update the Sub-processors page.

Current sub-processors

The current list of sub-processors is maintained on the Sub-processors list under the Trust Center.

Roles & responsibilities

  • CEO/CTO: Approves new sub-processors, performs annual reviews.

Review cadence

Reviewed annually; sub-processor list updated whenever a vendor changes.

Related Articles

Was this page helpful?