OPSCOM Subprocessor Inventory and Data Processing Overview

OPSCOM maintains a comprehensive inventory of all third-party subprocessors that may process customer data as part of service delivery. This includes infrastructure providers, payment processors, and integrated service partners.

A current subprocessor list is available and includes, but is not limited to, the following categories and vendors:

Payment Processors:

Moneris, Stripe, Authorize.Net, OpenEdge (Edge Express), SchoolPay, PayPal, TouchNet, Bambora

Infrastructure Providers:

DigitalOcean

License Plate Recognition (LPR) & Enforcement Systems:

Survision (LPR technology provider), OnLogic (hardware platform supporting Pl8RDR deployments)

Each subprocessor is evaluated based on the nature of data processed, security posture, and compliance certifications. All subprocessors that handle personal or sensitive data are classified as high risk and critical impact and are subject to appropriate vendor management controls.

OPSCOM executes Data Processing Agreements (DPAs) or equivalent contractual provisions with subprocessors where applicable to ensure data protection obligations are clearly defined, including requirements for confidentiality, security controls, and breach notification.

Subprocessor information, including purpose of processing and data handling practices, is maintained internally and can be provided upon request. OPSCOM is in the process of formalizing a publicly accessible subprocessor disclosure as part of its ongoing security and compliance program enhancements.