ISACA’s Third-Party Processors
Last Updated: 3 December 2025
ISACA, as a Controller, engages several third-party processors to support the delivery of its products and services. These processors may provide technical, operational, or specialized support functions, and may process personal data on ISACA’s behalf in accordance with strict contractual obligations.
To ensure that personal data is handled securely and in compliance with applicable data protection laws, ISACA requires all processors to adhere to robust data protection standards, including the implementation of appropriate technical and organizational measures to protect your personal data.
Where personal data is transferred across borders—particularly outside the European Economic Area (EEA), the United Kingdom, or Switzerland—ISACA relies on the Standard Contractual Clauses (SCCs) as a lawful transfer mechanism. These clauses are designed to ensure that data subjects’ rights are protected regardless of where their data is processed.
All third-party vendors listed below act solely as data processors on behalf of ISACA, which remains the data controller under applicable data protection laws. ISACA has executed Data Processing Agreements (DPAs) with each processor, and all international data transfers are governed by Standard Contractual Clauses (SCCs) or other compliant transfer mechanisms. This ensures full compliance with the General Data Protection Regulation (GDPR) and other global privacy frameworks.
Third-Party Processors
| Third-Party Name | Location of Processing | Purpose of Processing |
|---|---|---|
| Avalara | United States | Payments and Financial Transactions |
| BenchPrep | United States | Learning and Certification Services |
| Chronus | United States | Membership and Account Management |
| Credly | United States | Digital Membership Card |
| CVENT | United States | Event and Conference Management |
| Data-Axle | United States | Email and Digital Marketing |
| Datarep | United Kingdom | Customer Support and Service Delivery |
| United States | Analytics | |
| Higher Logic | United States | Membership and Account Management, Email Marketing | Microsoft | United States | IT Infrastructure and Cloud Services |
| OpenWater | United States | Membership and Account Management |
| Oracle NetSuite | United States | Payments and Financial Transactions |
| PayPal | United States | Payments and Financial Transactions |
| PSI Services | United States | Learning and Certification Services |
| Salesforce | United States | Membership, Marketing, Support, Fulfillment, Events, Learning |
Objecting to Processing
Individuals who wish to object to the processing of their personal data may do so by submitting a formal request through ISACA’s Privacy Rights Portal. This portal allows data subjects to exercise their rights under applicable privacy laws, including the right to object to processing.
In certain cases, particularly where personal data is shared with sponsors or other independent controllers, ISACA may not be the sole decision-maker regarding the processing activity. In such instances, individuals may be required to submit their objection directly to the third party responsible for the processing. ISACA will provide guidance and contact information where applicable to support this process
To submit a request, please visit: Privacy Rights Portal
Please contact Privacy@isaca.org with any questions, comments or concerns.