Privacy Policy

International Systems Assurance & Certification Organization (ISACO)

Effective Date: 02/10/2026

ISACO is committed to protecting the privacy, confidentiality, and security of all individuals and organizations that interact with our services. This Privacy Policy explains how we collect, use, store, and safeguard personal and organizational information.

By accessing ISACO’s website, resources, or certification services, you agree to the practices described in this policy.

1. Information We Collect

ISACO may collect the following types of information:

A. Organization Information

  • Organization name
  • Business contact details
  • Industry, size, and operational context
  • Quality manuals, questionnaires, and documentation submitted for certification

B. Personal Information

  • Name, role, and contact details of representatives
  • Email, phone number, and communication preferences

C. Technical Information

  • IP address
  • Browser type and device information
  • Website usage analytics

D. Application & Assessment Data

  • Documents uploaded for certification
  • Audit notes, assessment comments, and internal observations
  • Verification codes and certification outcomes

No unnecessary personal data is collected.

2. How We Use Your Information

We use collected data to:

  • Process certification applications
  • Conduct documentation reviews and assessments
  • Communicate with organizations about certification status
  • Maintain accurate registry and verification records
  • Improve ISACO resources, tools, and frameworks
  • Ensure compliance with ISACO governance and audit policies
  • Provide support, guidance, and system-improvement feedback

ISACO does not sell, rent, or trade personal or organizational information.

3. Legal Basis for Data Processing

ISACO processes information under one or more of the following legal bases:

  • Consent: When you voluntarily submit information
  • Contractual necessity: When processing is required to deliver certification services
  • Legitimate interests: Improving standards, security, and client support
  • Compliance: Meeting legal or governance obligations

4. How We Store & Protect Data

ISACO uses secure systems and controls to protect all submitted information from:

  • Unauthorized access
  • Loss or alteration
  • Disclosure or misuse

We implement safeguarding practices such as:

  • Encrypted storage
  • Access-restricted systems
  • Confidentiality obligations for all assessors and staff
  • Regular security reviews

Documents submitted for certification are kept strictly confidential and used only for assessment purposes.

5. Information Sharing

ISACO may share limited information only when necessary:

A. With Assessors & Evaluation Teams

For conducting audits and reviews.

B. With Accredited Partners (If Applicable)

Only for coordinated conformance assessments.

C. With Public Registry Visitors

Only certification-related information is listed publicly (e.g., organization name, certification level, verification code).

D. When Required by Law

If legally mandated (rare and strictly controlled).

ISACO never shares internal documents, manuals, or proprietary information publicly.

6. Data Retention

We retain information for as long as necessary to:

  • Complete certification cycles
  • Maintain accurate records
  • Comply with legal and audit obligations
  • Improve ISACO standards

Organizations may request deletion of non-required documents once certification is complete.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your data
  • Request correction or updates
  • Request deletion (where permissible)
  • Restrict or object to certain processing
  • Request transfer of your data
  • Withdraw consent
  • File a complaint with a supervisory authority

ISACO will assist with any valid data request.

8. Cookies & Website Tracking

ISACO may use:

  • Basic analytics tools
  • Session cookies
  • Performance cookies

These help us understand website usage and improve user experience.
You may disable cookies in your browser settings.

9. Third-Party Links

ISACO’s website may link to external sites.
We are not responsible for the privacy practices of third-party websites.

10. Updates to This Policy

This Privacy Policy may be updated periodically.
Updates will be posted on this page with a revised effective date.

11. Contact Us

For questions, requests, or concerns regarding privacy or data protection:

📧 privacy@isaco.org
📧 support@isaco.org
🕒 Response Time: 1–3 business days