Start check

Security & Procurement

Clarify security and procurement before the AI pilot.

For US and international teams that do not want a useful AI initiative to stall in security review, procurement or privacy review. Tirion surfaces data classes, roles, review gates and vendor material early.

Data handling

No sensitive data in the first check; start with data classes, sources and owners.

DPA/SCCs

Available for procurement and privacy review after scope.

Tooling/hosting

Microsoft 365/Azure-first; Azure OpenAI only after review.

No-sensitive-data

No customer data needed in forms, score or early review.

Roles

Business owner, IT/security owner and approval boundaries are named.

Review gates

Human review before sensitive processing, exceptions or pilot expansion.

Vendor pack

Scope, sample SOW, FAQ, data handling notes and responsibilities.

Trust Center light

Fast review points for security, procurement and privacy.

This overview is built for early vendor and security review. Binding material is finalized after scope and data context are clear.

Data flow

Start with system context, data classes and owners; no sensitive content ingest before review.

DPA/SCC

DPA/SCC questions are prepared in the vendor pack and specified after scope.

Tooling

Microsoft 365/Azure-first; final tooling and hosting assumptions are set in review.

Subprocessors

Subprocessor and provider questions are disclosed project-specifically before data is processed.

Forms & booking

Forms and booking capture minimal context only, no customer data or confidential content.

Security contact

Security or procurement questions move into the review path via Decision Call or contact.

Last updated: 2026-07-07

Tools and subprocessors by phase

The concrete tool and provider set is finalized only after scope. Before that, security and procurement can review the operating phases.

Website

Public pages, consent and technical delivery

No customer data or confidential project content.
Form

Name, email, company, role and voluntary context

No sensitive data and no customer documents.
Booking

Meeting scheduling and calendar context

Conversation and contact metadata only.
Documents

Decision memo, scorecard, roadmap and security one-pager

Sample material first, customer-specific versions only after scope.
Project work

M365/Azure context, owners, data classes and review gates

Access or processing only after approval and documented scope.

Data processing flow

  1. Public entry

    Website, resource or AI Workload Check captures minimal context only.

  2. Triage

    Tirion classifies use case, data class, owner and review need.

  3. Scope review

    Roles, data access, DPA/SCCs and tooling are confirmed before deeper work.

  4. Execution

    Customer-specific material, pilot scope or vendor pack is created only after review.

DPA/SCC request process

  1. Send a procurement or security question via contact, Decision Call or one-pager.

  2. Tirion clarifies scope, data classes, roles and affected systems.

  3. DPA/SCC and vendor material are prepared for the agreed scope.

  4. Approval, SOW and review gates are documented before project work.

Vendor and business details

  • Tirion LLC, a US-registered limited liability company.
  • Registered office: 30 N Gould St, Sheridan, WY 82801, United States.
  • Vendor pack covers scope, roles, data handling notes, DPA/SCC questions and sample SOW structure.
  • Final contracting, venue and review details are confirmed in the customer agreement.

What we do not need before scope

  • No customer data, patient data or confidential documents.
  • No admin access, tenant dumps or production data.
  • No internal policy files in the first check if data classes and owners can be described.
  • No tool or model decision before data class, approval and owner model.
Security contact

Security, privacy and procurement questions go to kevin.geiger@tirion.cloud or through the contact form. They move into a review path, not a generic sales queue.

What does this security and procurement page clarify?

It explains how Tirion avoids sensitive data in the first review, prepares roles and access, addresses DPA/SCC questions and turns an AI use case into a procurement-ready decision pack.

Data handling

The first check does not require sensitive data. Tirion starts with patterns, data classes, system assumptions and owner context.

  • No customer data in the AI Workload Check
  • Data classes before access
  • Sources and owners before ingest
  • Review before sensitive processing

Tools and hosting assumptions

The work is Microsoft-first: Microsoft 365, Azure, identity, access, logging and operations are reviewed before tool or model decisions.

  • Microsoft 365 and Azure context
  • Azure OpenAI only after scope
  • Identity and permissions as baseline
  • No tool lock-in in the first check

Roles, access and review gates

AI may prepare, sort or summarize. Risk-relevant decisions need human review, clear owners and traceable approvals.

  • Business owner
  • IT/security owner
  • Approval boundaries
  • Evidence vault and review cadence

DPA, SCCs and vendor readiness

Tirion prepares typical procurement questions early: scope, data handling, responsibilities, DPA/SCCs, SOW and security review.

  • DPA/SCCs available
  • Sample SOW structure
  • Vendor pack
  • Procurement questions before budget commitment

What the vendor pack prepares

The buyer pack is designed to be forwarded internally before scope, procurement or security review slows the AI initiative down.

Scope and deliverablesData handling notesRoles and client inputSecurity review FAQDPA/SCC questionsSample SOW

Security and procurement questions

Short answers for security, procurement and privacy review.

Does Tirion need sensitive data in the first check?

No. The AI Workload Check and first review work with data classes, process patterns, system context and owners.

Can Tirion provide DPA/SCC material?

Yes. DPA/SCC questions are addressed early in procurement context and can be prepared as part of the vendor pack.

Is Tirion legal counsel?

No. Tirion structures technical, operational and management decisions. Legal or privacy counsel remains responsible for legal assessment.

When should security be involved?

Before pilot scope. Data classes, roles, access and review gates should exist before an AI use case expands technically.