Information Security Summit (ISS) has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices for this website: www.infiormationsecuritysummit.org.  ISS reserves the right to change this policy at any time by notifying users of the existence of a new privacy statement.

Collection of Data
ISS does not collect personal data about individuals except when such individuals specifically provide such information on a voluntary basis. Users should also be aware that non-personal information, such as the top viewed and visited pages and links on our web site may be automatically collected through the standard operation of ISS’s Internet servers or through the use of ‘cookies.’

In certain limited circumstances (for instance in our Examination Registration Form), we may ask you to provide personal information to assess your suitability to become an ISS member or take a certification examination.  We appreciate that you may consider this information to be sensitive, and you can rest assured that we will keep such information in the strictest confidence and use it only for the limited purposes for which it was collected.

Purpose of Processing
The personal data collected is used by ISS and third parties acting on our behalf for:

  • customer administration and marketing related purposes
  • processing applications received by ISS
  • providing resources to and manage ISS’s relationship with existing members
  • marketing communications on ISS’s behalf and on behalf of other selected vendors.

As ISS is a non-profit organization based in the United States your personal data will be collected and processed in the United States by ISS and third parties acting on its behalf in accordance with and for the purposes set out in this Privacy Policy.  If you do not wish your personal data to be handled in this way, please inform us using the contact details below.

Your Rights
ISS is an education, networking, training and certification organization and maintains information on those who have attended ISS events or possess its certifications or have expressed an interest in them.  If you would like to see the information ISS retains about you, please contact us using the contact details below.

For those who do not maintain their certification, ISS may retain certification records for up to five (5) years following decertification, after which all records regarding a particular member are destroyed.  However, for those who are decertified by the organization for violation of the ISS Code of Ethics, fraudulently misrepresenting their education, experience or background, ISS permanently retains the name, address, appropriate identifying information for certification.  ISS expressly reserves the right to review its retention policy on a case-by-case basis, but not to exceed the maximum amount stated herein.

Opt-Out
ISS is a membership organization and, as such, must maintain contact information on its members to communicate relational or transactional information.  ISS also sends promotional material promoting its conferences, training opportunities, networking events or other offerings.  From time to time, ISS collaborates with other security organizations and companies to promote other programs that may be of interest to information security professionals and ISS constituents.  If, at any time, you do not wish to receive marketing material, every marketing e-mail will include an opt-out link at the bottom or you may notify ISS in writing at the address below.  Be aware that if you possess any ISS certification, you may not opt-out of any ISS relational or transactional notice.

Third Parties
Occasionally, ISS outsources administration and other ISS functions to contractors.  In such cases, ISS may provide these third parties with contact information for the sole purpose of performing ISS-sanctioned tasks under the supervision of ISS employees. These contractual relationships specifically address the manner in which they may use contact information and that they may not copy or disseminate that information or use it for any purpose other than that specified in the contract. Additionally, upon termination of the contract, they must return all information to ISS and destroy any copies that they might possess.

ISS Certification Verification
As an organization that certifies individuals, ISS is frequently requested to verify whether an individual’s assertion that they possess our certification is accurate.  It is an implied duty that ISS identify and attest to the certified status of those individuals who do possess our certification.  As such, ISS will verify whether an individual is certified by ISS or not upon receiving sufficient identifying information regarding the subject of the inquiry

ISS Public Directory
As a service to the general public and ISS members, ISS may publish on the public side of its website, a directory listing of certificate holders which allows contact information to be listed.  Listing in this directory is entirely voluntary.

URL Links
This site may contain links to other sites; ISS is not responsible for any actions or policies of such third parties. Users should check the applicable privacy policy of such a party when providing personally identifiable information.

Contact Us
If you have any comments on this Privacy Policy or wish to contact ISS, you can send an email to:

CSO@INFORMATIONSECURITYSUMMIT.ORG