Your vendor's vendors are your problem too.
When 247 of your vendors run on the same sub-processor, that's not their concentration risk — it's yours. Subcontractor Insights maps fourth-party dependencies, surfaces concentration, and visualizes cascading risk.
Fourth-party visibility, finally.
Fourth-party concentration analysis
See which sub-processors appear most often across your vendor base. When 247 vendors run on AWS and your AWS region goes down, that's your exposure — not theirs. We surface concentration before an incident proves it.
- Sub-processor concentration ranking
- Geographic + region clustering
- Critical-path dependency mapping
Sub-processor disclosure tracking
GDPR Article 28 requires vendors to disclose sub-processors. We track every vendor's published list, alert on changes, and tie new sub-processors back to your concentration analysis automatically.
- GDPR Article 28 compliance built in
- Auto-detect new sub-processor additions
- Vendor change-log audit trail
Cascading risk visualization
When a fourth party has an incident, see immediately which of your vendors are affected — and which of your business processes those vendors support. One graph traversal, full impact picture.
- Live incident impact mapping
- Vendor → business process linkage
- One-click examiner-ready report
Three steps from setup to value.
Map sub-processors
We auto-import sub-processor lists from each vendor's published disclosures. Manual additions for vendors that don't publish are supported.
Run concentration analysis
See your full fourth-party landscape. Concentration is ranked by vendor count, by tier, and by business process dependency — so you know where the real risk lives.
Get cascading alerts
When a fourth party has a material incident, every dependent vendor and business process surfaces. You see the blast radius before procurement asks.
"We didn't realize 60% of our Tier 1 vendors funnel through three identity providers. When one of those had an outage last quarter, we already had the impact picture before the news cycle started."