Security & Compliance
Lynx Compliance - Subprocessor Map
Track 4th-party / subprocessor relationships per vendor. Foundation for concentration-risk analysis (NIST SP 800-161 Rev 1) and for the data-flow disclosures Quebec Law 25 / GDPR Art 28 require.
lynx_compliance_subprocessor_map
· v19.0.1.5.2
· Premium
What this solves
Lynx Compliance - Subprocessor Map
Each vendor declares the subprocessors that touch your data on their behalf - hosting providers (AWS / GCP / Azure), email gateways (SendGrid / Postmark), MFA (Auth0 / Okta), payments (Stripe), CDNs (Cloudflare / Fastly), and so on. The map is what turns vendor assessments into a real fourth-party-risk picture: when 65% of your vendors run on AWS us-east-1, every us-east-1 outage is your outage.
This iter-1 ships the data model + UI. Later iterations layer the concentration scanner, criticality heatmap, and auto-finding for single-points-of-failure on top of this same data.
Key Features
Subprocessor records - lynx.subprocessor rows declared per vendor with service type, criticality tier, data categories, region.
Vendor smart-button - shows subprocessor count and opens the filtered list directly from the vendor assessment form.
Cross-link from contacts - any res.partner can be referenced as a subprocessor; declare once, reference from any vendor that uses it (concentration-risk evidence falls out by aggregation).
Privacy / data-residency tagging - data_categories and region fields produce the disclosures GDPR Art 28(2) / Law 25 cross-border-transfer require.
Integrates With
lynx_compliance_govern - extends lynx.vendor.assessment with the subprocessor_ids One2many.
lynx_compliance - subprocessor records can be the source of compliance.finding rows raised by future concentration scans.
Try Lynx Compliance - Subprocessor Map on your team.
Free trial, no credit card. Talk to sales when you're ready.