ISACA’s Third-Party Processors
Last Updated: 17 November 2025
ISACA, as a Controller, engages several third-party processors to support the delivery of its products and services. These processors may provide technical, operational, or specialized support functions, and may process personal data on ISACA’s behalf in accordance with strict contractual obligations.
To ensure that personal data is handled securely and in compliance with applicable data protection laws, ISACA requires all processors to adhere to robust data protection standards, including the implementation of appropriate technical and organizational measures to protect your personal data.
Where personal data is transferred across borders—particularly outside the European Economic Area (EEA), the United Kingdom, or Switzerland—ISACA relies on the Standard Contractual Clauses (SCCs) as a lawful transfer mechanism. These clauses are designed to ensure that data subjects’ rights are protected regardless of where their data is processed.
All third-party vendors listed below act solely as data processors on behalf of ISACA, which remains the data controller under applicable data protection laws. ISACA has executed Data Processing Agreements (DPAs) with each processor, and all international data transfers are governed by Standard Contractual Clauses (SCCs) or other compliant transfer mechanisms. This ensures full compliance with the General Data Protection Regulation (GDPR) and other global privacy frameworks.
Third-Party Processors
| Third-Party Name | Location of Processing | Purpose of Processing |
|---|---|---|
| Accutics | Denmark | Third-Party Data Collection and Enrichment |
| ASQ | United States | Marketing and Lead Generation |
| Avalara, Inc | United States | Payments and Financial Transactions |
| Axios HQ | United States | Membership and Account Management |
| Barcodes, Inc | United States | Physical Fulfillment and Mailing Services |
| BrightTALK by Informa Tech Target | United States | Marketing and Lead Generation |
| Caerus US 1 Inc (Citeline) | United States | Marketing and Lead Generation |
| Carver Global Health Group | United States | Marketing and Lead Generation |
| Chronus LLC | United States | Membership and Account Management |
| Cision US, Inc | United States | Third-Party Data Collection and Enrichment |
| Citeline | United States | Marketing and Lead Generation |
| CVENT | United States | Event and Conference Management |
| Data-Axle | United States | Email and Digital Marketing |
| Datarep | United Kingdom | Third-Party Data Collection and Enrichment |
| Element.cloud | United States | Third-Party Data Collection and Enrichment |
| Executive Platforms, Inc | Canada | Marketing and Lead Generation |
| United States | Third-Party Data Collection and Enrichment | |
| Fonteva LLC | United States | Third-Party Data Collection and Enrichment |
| Foundation Group | United States | Quality Assurance and Compliance Audits |
| Foundry | United States | Marketing and Lead Generation |
| GlobalData | United States | Marketing and Lead Generation |
| United States | Third-Party Data Collection and Enrichment | |
| GovCon Wire | United States | Marketing and Lead Generation |
| Helper Helper | United States | Event and Conference Management |
| Higher Logic LLC | United States | Membership and Account Management |
| iATS { Datasite} | United States | Payments and Financial Transactions |
| Informa Connect Limited dba FinTech Futures | United Kingdom | Marketing and Lead Generation |
| Informa TechTarget Inc | United States | Marketing and Lead Generation |
| Inside Higher Ed | United States | Marketing and Lead Generation |
| United States | Third-Party Data Collection and Enrichment | |
| United States | Third-Party Data Collection and Enrichment | |
| Microsoft Corporation | United States | IT Infrastructure and Cloud Services |
| Multiview | United States | Marketing and Lead Generation |
| National Defense Magazine | United States | Marketing and Lead Generation |
| Oracle/Netsuite | United States | Payments and Financial Transactions |
| PSI Services LLC | United States | Learning and Certification Services |
| United States | Third-Party Data Collection and Enrichment | |
| Salesforce | United States | Membership, Marketing, Support, Fulfillment, Events, Learning |
| United States Postal Service (USPS) | United States | Physical Fulfillment and Mailing Services |
| WTWH Media LLC | United States | Marketing and Lead Generation |
| X (Twitter) | United States | Third-Party Data Collection and Enrichment |
| ZoomInfo Technologies | United States | Third-Party Data Collection and Enrichment |
Objecting to Processing
Individuals who wish to object to the processing of their personal data may do so by submitting a formal request through ISACA’s Privacy Rights Portal. This portal allows data subjects to exercise their rights under applicable privacy laws, including the right to object to processing.
In certain cases, particularly where personal data is shared with sponsors or other independent controllers, ISACA may not be the sole decision-maker regarding the processing activity. In such instances, individuals may be required to submit their objection directly to the third party responsible for the processing. ISACA will provide guidance and contact information where applicable to support this process
To submit a request, please visit: Privacy Rights Portal
Please contact Privacy@isaca.org with any questions, comments or concerns.