Applications for the CyberCX Academy: All-Women Cohort are now open →

CyberCX Sub-processors

decor
Third-Party Sub-processors

CyberCX uses the third parties to process Personal Information (also known as personal data) on our behalf and on behalf of our customers in accordance with our Privacy Policy and where relevant, our contractual agreements with our customers (each, a Sub-Processor).

CyberCX routinely reviews our Sub-Processors, and has ensured that any customer engagements that involve the cross-border transfer of personal information to a Sub-Processor is compliant with applicable privacy laws and data protection requirements. CyberCX only uses Sub-Processors that have demonstrated implementation of high quality protection and handling of personal information and in accordance with applicable privacy laws.

The table below sets out our current Sub-Processors (as updated from time to time), as they relate to our generally available Services.

As set out in our Privacy Policy, CyberCX collects and uses minimal amounts of Personal Information, and as such the processing of Personal Information with each Sub-Processor will be for the duration of the applicable Service we provide to a customer, with the exception of business contact information (being the details of our customer and its personnel that are necessary for us to maintain our business relationship).

In the table below,

Business Contact Information” refers to a subset of Personal Information that relates to the details of CyberCX’s Customer’s personnel (such as their name, business contact number, business email address, position/title).

End Customers” means individuals who are customers of CyberCX’s customer.

Sub-processor Nature and Purpose of Processing Categories of personal data Location of Processing Security Measures
Amazon Web Services

 

Cloud hosting provider (storage of data obtained during and for the purposes of either CyberCX’s Digital Forensics & Investigation service, or its Security Testing services (as the case requires)) Personal information of CyberCX’s End Customers that may be collected during a forensic engagement requested by CyberCX’s customer. Processed in the local jurisdiction of CyberCX’s legal entity that contracts with CyberCX’s Customer (being Australia, New Zealand, United Kingdom, or USA) AWS Compliance Programs 
Microsoft Corporation Cloud hosting provider Business Contact Information transmitted or provided to CyberCX during the course of communications or engagements with CyberCX. Australia and USA Microsoft Trust Centre 
Salesforce, Inc. Administration of customer relationships and engagement with CyberCX’s customers and their personnel Business Contact Information transmitted or provided to CyberCX during the course of communications or engagements with CyberCX.

 

Australia and USA Salesforce Trust Centre

 

See also Salesforce Privacy

Atlassian Jira product – for issue and project tracking Personal information required for a CyberCX managed service to operate (such as email addresses (where it uses a person’s name as its structure), IP address, or personal information contained in an email subject line). Australia Atlassian Trust Centre
Confluence product – knowledge management and customer engagement Business Contact Information Australia Atlassian Trust Centre
ServiceNow, Inc. Administration of customer engagements (service related requests) with CyberCX Business Contact Information Australia

ISO27001 certified and aligned with ISO27002 – more details via ServiceNow’s website.

decor
CyberCX Group Sub-processors

The following CyberCX Group companies are sub-processors providing technical and operational support. CyberCX employees may be located in any of:

Entity Relevant Service Lines Entity Country
CyberCX New Zealand Limited Security Testing & Assurance (STA);

Digital Forensics & Investigation (DFIR); and

Managed Security Services (MSS) (limited to engagements where a 24×7 eyes on glass solution is requested, or another transnational solution model)

New Zealand
CyberCX UK Ltd; Security Testing & Assurance (STA);

Digital Forensics & Investigation (DFIR); and

Managed Security Services (MSS) (limited to engagements where a 24×7 eyes on glass solution is requested, or another transnational solution model)

United Kingdom
CyberCX Pty Ltd All CyberCX provided Services Australia
CQR INC. (trading as CyberCX USA INC.) Security Testing & Assurance (STA); and

Digital Forensics & Investigation (DFIR)

USA