Trust
Subprocessor Register
Review the decision, evidence, boundaries, and next step for this route.
ForPeople conducting policy, privacy, security, or access review
FocusControls, ownership, evidence, and review paths
CONTROL RECORD
A policy names its scope, evidence state, limit, and correction path.
- 01Scope
- 02Owner
- 03Evidence state
- 04Review / correct
Current register
Review healthcare data posture
Ask a subprocessor question
Before a provider enters an approved production flow, the register records its legal name, service, purpose, data classes, subjects, systems, countries and regions, transfer basis where required, client visibility, access, retention/deletion, security and incident terms, subcontracting, contract owner, evidence state, approval date, last review, change notice, and exit plan.
A product evaluation, account, working model, integration seam, development dependency, or marketing claim does not approve a provider. Approval is tied to an actual purpose, data flow, contract, configuration, decision owner, evidence review, and client obligations. Providers that do not process client production data remain outside this production register but are still governed internally as appropriate.
The actual agreement will define any client notice, objection, or transition rights. Notice timing follows the applicable agreement and recorded data-flow owner. A material provider or data-flow change is reviewed before production use and added with an effective date and owner.
Table — scroll horizontally to review every column.
| Provider | Service | Data/purpose | Region | State |
|---|---|---|---|---|
| — | — | — | — | No production subprocessor approved |