Ambassify carefully evaluates and monitors every vendor and third party that handles data on our behalf. We hold our partners to the same high standards we set for ourselves, ensuring your data stays protected across the supply chain.

Vendor Assessment

Every vendor undergoes a thorough review before they gain access to any confidential data.

  • Security Evaluation - A comprehensive security assessment is completed before engaging any vendor that handles confidential or sensitive data
  • Written Agreements - All vendors accessing sensitive information must sign appropriate data processing or security agreements
  • Exception Handling - Any deviation from standard vendor requirements must be explicitly authorized by the CISO

Security Standards for Vendors

We set clear security expectations for every vendor we work with.

  • GDPR Compliance - All vendors must demonstrate compliance with the General Data Protection Regulation
  • Certification Preference - Vendors with ISO 27001 or SOC 2 Type II certification are preferred
  • EU-based Preference - We favor EU-based vendors to reduce geopolitical and data transfer risks
  • Contractual Obligations - Security requirements are embedded in vendor contracts and reviewed regularly

Ongoing Monitoring

Vendor relationships are actively managed throughout their lifecycle.

  • Annual Review - Each vendor’s security posture is reviewed at least once per year
  • Service Monitoring - Vendor service delivery is monitored against agreed performance and security standards
  • Change Assessment - Any changes to vendor services are evaluated for potential security impact before acceptance

Sub-processor Management

We maintain full transparency about the sub-processors involved in delivering our service.

  • Public Sub-processor List - A complete list of sub-processors is publicly available at /subprocessors.html
  • Change Notification - You can subscribe via our subscription form to receive notifications when sub-processors are added or changed
  • Due Diligence - Every sub-processor undergoes the same security assessment as any other vendor
  • Contractual Safeguards - Data processing agreements are in place with all sub-processors

Supply Chain Security

We actively manage risks across our technology supply chain.

  • Risk Assessment - Technology supply chain risks are identified, assessed, and managed as part of our broader risk program
  • Dependency Tracking - Vendor dependencies are tracked and reviewed to identify concentration risks
  • Contingency Planning - Contingency plans are in place for critical vendor disruptions to ensure service continuity