▲ 11 r/grc
How do your catch vendor-side changes in practice?
I mean things like subprocessor list updates, processing location changes, DPA / trust page updates, or new AI disclosures from vendors.
How you ensure that vendors of your vendors are compliant? Is this a thing or nobody thinks about 2-level vendor compliance
Do you mostly rely on vendor notices, periodic review, or some other workflow?
u/marcin_codes — 8 days ago