Guidelines for Sub-Processors
Last updated: November 12, 2025
Korl Inc. uses carefully selected sub-processors to help deliver and support our cloud-based services. Each sub-processor performs a limited, clearly defined function such as cloud hosting, infrastructure management, or operational support.Our Standards
Korl maintains strict standards for security, confidentiality, and processing integrity consistent with our SOC 2 Type I report and the AICPA Trust Services Criteria.
Before engaging any sub-processor, we:
- Conduct security and privacy due-diligence reviews (including assessment of SOC 2 or equivalent certifications).
- Require contractual commitments around confidentiality, data protection, and breach notification.
- Ensure sub-processors use encryption and access controls consistent with Korl’s internal policies.
- Re-evaluate sub-processors at least annually as part of our vendor-management process.
Oversight and Updates
Korl monitors sub-processor compliance through periodic reviews, attestations, and incident-response coordination.
We update this page whenever material changes occur to our sub-processor relationships.
For questions, please contact [email protected].