CyberCX Sub-processors
Third-Party Sub-processors
CyberCX uses the third parties to process Personal Information (also known as personal data) on our behalf and on behalf of our customers in accordance with our Privacy Policy and where relevant, our contractual agreements with our customers (each, a Sub-Processor).
CyberCX routinely reviews our Sub-Processors, and has ensured that any customer engagements that involve the cross-border transfer of personal information to a Sub-Processor is compliant with applicable privacy laws and data protection requirements. CyberCX only uses Sub-Processors that have demonstrated implementation of high quality protection and handling of personal information and in accordance with applicable privacy laws.
The table below sets out our current Sub-Processors (as updated from time to time), as they relate to our generally available Services.
As set out in our Privacy Policy, CyberCX collects and uses minimal amounts of Personal Information, and as such the processing of Personal Information with each Sub-Processor will be for the duration of the applicable Service we provide to a customer, with the exception of business contact information (being the details of our customer and its personnel that are necessary for us to maintain our business relationship).
In the table below,
“Business Contact Information” refers to a subset of Personal Information that relates to the details of CyberCX’s Customer’s personnel (such as their name, business contact number, business email address, position/title).
“End Customers” means individuals who are customers of CyberCX’s customer.
| Sub-processor | Nature and Purpose of Processing | Categories of personal data | Location of Processing | Security Measures |
| Amazon Web Services
|
Cloud hosting provider (storage of data obtained during and for the purposes of either CyberCX’s Digital Forensics & Investigation service, or its Security Testing services (as the case requires)) | Personal information of CyberCX’s End Customers that may be collected during a forensic engagement requested by CyberCX’s customer. | Processed in the local jurisdiction of CyberCX’s legal entity that contracts with CyberCX’s Customer (being Australia, New Zealand, United Kingdom, or USA) | AWS Compliance Programs |
| Microsoft Corporation | Cloud hosting provider | Business Contact Information transmitted or provided to CyberCX during the course of communications or engagements with CyberCX. | Australia and USA | Microsoft Trust Centre |
| Salesforce, Inc. | Administration of customer relationships and engagement with CyberCX’s customers and their personnel | Business Contact Information transmitted or provided to CyberCX during the course of communications or engagements with CyberCX.
|
Australia and USA | Salesforce Trust Centre
See also Salesforce Privacy |
| Atlassian | Jira product – for issue and project tracking | Personal information required for a CyberCX managed service to operate (such as email addresses (where it uses a person’s name as its structure), IP address, or personal information contained in an email subject line). | Australia | Atlassian Trust Centre |
| Confluence product – knowledge management and customer engagement | Business Contact Information | Australia | Atlassian Trust Centre | |
| ServiceNow, Inc. | Administration of customer engagements (service related requests) with CyberCX | Business Contact Information | Australia |
ISO27001 certified and aligned with ISO27002 – more details via ServiceNow’s website. |
CyberCX Group Sub-processors
The following CyberCX Group companies are sub-processors providing technical and operational support. CyberCX employees may be located in any of:
| Entity | Relevant Service Lines | Entity Country |
| CyberCX New Zealand Limited | Security Testing & Assurance (STA);
Digital Forensics & Investigation (DFIR); and Managed Security Services (MSS) (limited to engagements where a 24×7 eyes on glass solution is requested, or another transnational solution model) |
New Zealand |
| CyberCX UK Ltd; | Security Testing & Assurance (STA);
Digital Forensics & Investigation (DFIR); and Managed Security Services (MSS) (limited to engagements where a 24×7 eyes on glass solution is requested, or another transnational solution model) |
United Kingdom |
| CyberCX Pty Ltd | All CyberCX provided Services | Australia |
| CQR INC. (trading as CyberCX USA INC.) | Security Testing & Assurance (STA); and
Digital Forensics & Investigation (DFIR) |
USA |