IISRIRating Security for the Public

Privacy Policy

For purposes of this policy, "IISRI" shall mean Independent Information Security Rating Institute Limited.

1. Purpose

IISRI is committed to safeguarding the privacy of our customers; in this policy we explain how we will treat your personal information. This Privacy Policy explains data collection, data use and data disclosure by IISRI and your rights to access, modify or delete your data. By using this website, rating reports and our services, you are deemed to have accepted and agreed to this Privacy Policy.

2. Information Collected

Below you will find a description of possible interactions with IISRI where private information might be collected.
2.1. Website.
Any information, materials and services provided on this website are under Terms and Conditions. By using this website you agree with them. We use cookies as your consent to our Terms and Conditions. We do not use cookies to collect any information about you or how you use our website. We might store anonymized information with a 12 months retention policy.
2.2. Rating reports.
In order to purchase our rating reports, you need to provide us with the following details: your first and last name, email address and (optionally) organization name. This information is retained for 12 months or until the rating expires. After this period all your personal information is automatically removed.
2.3. External assessments.
External assessments are performed based on publicly available information. Therefore, none of the information is classified as privacy related information. All information used during the assessments is mirrored, timestamped, encrypted and stored in a secure location.
2.4. Internal assessments.
Internal assessments are performed with the cooperation of the assessed organization and therefore privacy related, sensitive or confidential information may be provided to IISRI. All information obtained via electronic communication is transferred over an encrypted channel. Access to this information is strictly limited to the IISRI assessors per assessment and the IISRI rating committee. ALL data used during and after the assessment are encrypted.
2.5. Email.
Any information sent to IISRI by email is considered to be send through ann unencrypted channel. Therefore such information is automatically declassified and is not covered by this policy.

3. Use of Collected Information

Only in two situations does IISRI use your personal information: when you buy our reports from our website and when we perform internal assessments. This information is retained for 12 months or until the rating expires.
3.1. Reports
Information provided by you is used to create a unique watermark and stored in case you lose your rating report. You can contact us and based on this information we can send you a copy of the report.

IISRI will not disclose confidential information to third parties. However, in case of internal assessments, the assessed organisation might request us to disclose confidential parts of the report to third parties. In order to do that IISRI will first confirm that the requestor is the owner or legitimate representative of the assessed organization.
3.2 Internal assessment
Information provided by you is used to perform the internal assessment and to provide you with an internal information security rating.
3.3 Payment
All our online financial transactions are handled by our payment services provider, who respects your privacy according to their privacy policy. We will share your information with our payment services provider only to the extent necessary for the purposes of processing online payments via our website and possible refunds.

4. Disclosure of information

IISRI does not disclose any collected private information to any third party without your explicit consent. IISRI does not disclose any collected private information to any government or legal authority except when IISRI is forced to do so by NZ Legal/Judicial authority.

5. Retaining personal information

We only retain your private information for a period in excess of the time specified in this policy when we need to comply with our legal obligations in relation to the retention and deletion of personal information or in order to establish, exercise or defend our legal rights.

6. Policy modifications

IISRI may amend this Privacy Policy from time to time and will post any changes on this site. You should check this page occasionally to ensure you are informed about any changes.

7. Questions and Requests

If you would like IISRI to remove information related to you, please use the contact form here. If you have any questions or comments about this Privacy Policy, please also use the contact form here.

Any information, materials and services provided on this website are under Terms and Conditions. By using and/or accessing this website you agree with them. If you don't agree, leave this website.

This website use cookies. You can find our Privacy Policy here.
OK