No sensitive data in the first check; start with data classes, sources and owners.
Security & Procurement
Clarify security and procurement before the AI pilot.
For US and international teams that do not want a useful AI initiative to stall in security review, procurement or privacy review. Tirion surfaces data classes, roles, review gates and vendor material early.
Available for procurement and privacy review after scope.
Microsoft 365/Azure-first; Azure OpenAI only after review.
No customer data needed in forms, score or early review.
Business owner, IT/security owner and approval boundaries are named.
Human review before sensitive processing, exceptions or pilot expansion.
Scope, sample SOW, FAQ, data handling notes and responsibilities.
Trust Center light
Fast review points for security, procurement and privacy.
This overview is built for early vendor and security review. Binding material is finalized after scope and data context are clear.
Start with system context, data classes and owners; no sensitive content ingest before review.
DPA/SCC questions are prepared in the vendor pack and specified after scope.
Microsoft 365/Azure-first; final tooling and hosting assumptions are set in review.
Subprocessor and provider questions are disclosed project-specifically before data is processed.
Forms and booking capture minimal context only, no customer data or confidential content.
Security or procurement questions move into the review path via Decision Call or contact.
Tools and subprocessors by phase
The concrete tool and provider set is finalized only after scope. Before that, security and procurement can review the operating phases.
Public pages, consent and technical delivery
No customer data or confidential project content.Name, email, company, role and voluntary context
No sensitive data and no customer documents.Meeting scheduling and calendar context
Conversation and contact metadata only.Decision memo, scorecard, roadmap and security one-pager
Sample material first, customer-specific versions only after scope.M365/Azure context, owners, data classes and review gates
Access or processing only after approval and documented scope.Data processing flow
- Public entry
Website, resource or AI Workload Check captures minimal context only.
- Triage
Tirion classifies use case, data class, owner and review need.
- Scope review
Roles, data access, DPA/SCCs and tooling are confirmed before deeper work.
- Execution
Customer-specific material, pilot scope or vendor pack is created only after review.
DPA/SCC request process
Send a procurement or security question via contact, Decision Call or one-pager.
Tirion clarifies scope, data classes, roles and affected systems.
DPA/SCC and vendor material are prepared for the agreed scope.
Approval, SOW and review gates are documented before project work.
Vendor and business details
- Tirion LLC, a US-registered limited liability company.
- Registered office: 30 N Gould St, Sheridan, WY 82801, United States.
- Vendor pack covers scope, roles, data handling notes, DPA/SCC questions and sample SOW structure.
- Final contracting, venue and review details are confirmed in the customer agreement.
What we do not need before scope
- No customer data, patient data or confidential documents.
- No admin access, tenant dumps or production data.
- No internal policy files in the first check if data classes and owners can be described.
- No tool or model decision before data class, approval and owner model.
Security, privacy and procurement questions go to kevin.geiger@tirion.cloud or through the contact form. They move into a review path, not a generic sales queue.
What does this security and procurement page clarify?
It explains how Tirion avoids sensitive data in the first review, prepares roles and access, addresses DPA/SCC questions and turns an AI use case into a procurement-ready decision pack.
Data handling
The first check does not require sensitive data. Tirion starts with patterns, data classes, system assumptions and owner context.
- No customer data in the AI Workload Check
- Data classes before access
- Sources and owners before ingest
- Review before sensitive processing
Tools and hosting assumptions
The work is Microsoft-first: Microsoft 365, Azure, identity, access, logging and operations are reviewed before tool or model decisions.
- Microsoft 365 and Azure context
- Azure OpenAI only after scope
- Identity and permissions as baseline
- No tool lock-in in the first check
Roles, access and review gates
AI may prepare, sort or summarize. Risk-relevant decisions need human review, clear owners and traceable approvals.
- Business owner
- IT/security owner
- Approval boundaries
- Evidence vault and review cadence
DPA, SCCs and vendor readiness
Tirion prepares typical procurement questions early: scope, data handling, responsibilities, DPA/SCCs, SOW and security review.
- DPA/SCCs available
- Sample SOW structure
- Vendor pack
- Procurement questions before budget commitment
What the vendor pack prepares
The buyer pack is designed to be forwarded internally before scope, procurement or security review slows the AI initiative down.
Security and procurement questions
Short answers for security, procurement and privacy review.
Does Tirion need sensitive data in the first check?
No. The AI Workload Check and first review work with data classes, process patterns, system context and owners.
Can Tirion provide DPA/SCC material?
Yes. DPA/SCC questions are addressed early in procurement context and can be prepared as part of the vendor pack.
Is Tirion legal counsel?
No. Tirion structures technical, operational and management decisions. Legal or privacy counsel remains responsible for legal assessment.
When should security be involved?
Before pilot scope. Data classes, roles, access and review gates should exist before an AI use case expands technically.
