Third-Party Subprocessors

What is a Third-Party Subprocessor?

A subprocessor is a third-party vendor CIS uses to process data on behalf of our customers, who are the data controllers of that data.

Purposes for which CIS Collects and Uses Personal Information

  • Providing you with the CIS applications, information, and websites for which you have registered, as well as any products or services, or support requested;
  • Publishing listings of CIS SecureSuite members and CIS Controls Supporters on our website which, in the case of individual members, include names and organizational affiliations;
  • Publishing testimonials about CIS products and services on our website provided by individuals, which would include name, title, and affiliated organization;
  • Gaining a better understanding of how our website, products, or services are being used so that we can improve them and engage with users;
  • Diagnosing problems;
  • Sending you business messages and marketing related to payments or expiration of subscriptions;
  • Sending you information about CIS products, services, opportunities, updates, advisories, special offers, and similar information;
  • Conducting market research about our customers, and the effectiveness of our marketing campaigns.

Purposes for which CIS Collects and Uses Non-Personal Information

  • The type of browser and operating system you use when you visit this site;
  • The date and time when you visit this site;
  • The webpage and services you access at this site;
  • The forms that you download from this website;
  • Additionally, non-personal information, such as a company or governmental entity name and address, as well as IP address, may be provided when registering or signing up for CIS products or services. This information is used to determine eligibility for certain products or services.

CIS’s Process for Contracting with Third-party Subprocessors

CIS requires its third-party subprocessors to satisfy obligations equivalent to those required of CIS:

  • process personal data following the data controller’s documented instructions;
  • in connection with the subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, under applicable data protection laws;
  • promptly inform CIS about any security breach; and
  • cooperate with CIS to address requests from data controllers, data subjects, or data protection authorities, as applicable.

The following table describes the countries and legal entities engaged in the processing and storage of personal data by CIS acting as a data processor on behalf of its customers, the data controllers.

CIS Authorized Third-Party Subprocessors

| Third Party Recipients | Purpose | Personal Information Collected, Purposes, and Retention | Location | Third Party Privacy Policy and Additional Resources |
|---|---|---|---|---|
| Amazon Web Services, Inc. | Cloud Service Provider | Amazon Web Services, Inc. is a cloud service provider. Your general personal information will be processed by Amazon Web Services, Inc. for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Notice; AWS Security Documentation |
| Microsoft, Inc | Cloud Service Provider and associated products | Microsoft offers a wide range of products, including cloud service products. Your general personal information will be processed by Microsoft, Inc. for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Statement |
| Sitecore | Digital Experience Platform | Sitecore is a digital experience platform. Your general personal information will be processed by Sitecore, Inc. for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Policy; Trust Center |
| Google, LLC | Cloud Service Provider and associated products | Google offers a wide range of products, including cloud service products. Your general personal information will be processed by Google, LLC for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Policy; Safety Center |
| LinkedIn Sales Navigator | Lead generation and pipeline management | LinkedIn offers a wide range of products, including lead generation and pipeline management. Your general personal information will be processed by LinkedIn for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Policy; Trust & Compliance |
| Salesforce | Customer relationship management | Salesforce offers customer relationship management. Your general personal information will be processed by Salesforce for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Statement; Trust |
| Oracle | Cloud Service Provider and associated products | Oracle offers a wide range of products, including cloud service products. Your general personal information will be processed by Oracle for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Policy; Security Practices |
| Snowflake | Data pipeline | Snowflake offers data pipeline products. Your general personal information will be processed by Snowflake for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Notice; Security and Trust Center |
| Zoom | Video communications platform | Zoom offers a video communication platform and associated products. Your general personal information will be processed by Zoom for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Statement; Compliance |
| Fivetran | Data integration tools | Fivetran offers data integration tools. Your general personal information will be processed by Fivetran for storage purposes for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Notice; Security |
| Cyware | Security Orchestration and Automation (SOAR) Platform | Cyware provides services to improve security operations, automate cross-functional workflows, and accelerate threat response with Cyware’s vendor-neutral, low-code Security Orchestration, Automation, and Response (SOAR) solution. Your information will be processed by Cyware for SOAR solutioning for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Policy; Compliance |
| Securonix | SIEM Platform | Securonix provides a SIEM Platform solution. Your information will be processed by Securonix for SIEM solutioning for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Policy |
| Crowdstrike | Intrusion Detection Monitoring | Crowdstrike provides Intrusion Detection Monitoring. Your information will be processed by Crowdstrike for monitoring for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Notice |
| Qualtrics | Survey Tool | Qualtrics provides a Survey Tool. Your information will be processed by Qualtrics for surveys for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Policy; Security Statement |
| Optimizely | Marketing Tool | Optimizely provides Marketing Tools. Your information will be processed by Optimizely relating to the marketing experience on the CIS website for the period necessary to fulfill the purposes outlined in the CIS Privacy Notice and in accordance with applicable law. | United States | Privacy Notice; Trust Center |

| Date of Change | Change | Notes |
|---|---|---|
| 07/22/2024 | Added Optimizely | This tool enables CIS to optimize the marketing experience on the CIS website. |
| 03/21/2024 | Added Qualtrics | This service enables CIS to create surveys that are sent to members. |
| 09/11/2023 | Added Cyware, Securonix, Crowdstrike | These are subprocessors that assist in providing services to members in select instances based on CIS offerings. |
| 04/01/2023 | Added Snowflake, Oracle, Zoom, and Fivetran as subprocessors | |