response, leveraging diverse teams including the Cisco Product Security Incident Response Team (PSIRT), the Cisco Security
Incident Response Team (CSIRT), the Advanced Security Initiatives Group (ASIG), and Cisco Legal.
PSIRT manages the receipt, investigation, and public reporting of security vulnerabilities related to Cisco products and
networks. The team works with Customers, independent security researchers, consultants, industry organizations, and other
vendors to identify possible security issues with Cisco products and networks. The Cisco Security Center details the process for
reporting security incidents.
The Cisco Notification Service allows Customers to subscribe and receive important Cisco product and technology information,
including Cisco security advisories for critical and high severity security vulnerabilities. This service allows Customers to choose
the timing of notifications and the notification delivery method (email message or RSS feed). The level of access is determined
by the subscriber’s relationship with Cisco. If you have questions or concerns about any product or security notifications,
contact your Cisco sales representative.
12. Certifications and Compliance with Privacy Requirements
The Security and Trust Organization and Cisco Legal provide risk and compliance management and consultation services to help
drive security and regulatory compliance into the design of Cisco products and services. The Service is built with security and
privacy in mind and is designed so that it can be used by Cisco customers in a manner consistent with global security and
privacy requirements, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA),
California Privacy Rights Act (CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and
Personal Health Information Protection Act (PHIPA), Health Insurance Portability and Accountability Act (HIPAA), and Family
Educational Rights and Privacy Act (FERPA).
Further, in addition to complying with our stringent internal standards, Cisco also maintains third-party certifications and
validations to demonstrate our commitment to information security and privacy. Webex has received the following
certifications:
• EU Cloud Code of Conduct Adherence by SCOPE Europe
o For more information about the EU Cloud Code of Conduct, see: Cisco Webex EU Cloud Code of Conduct and the
Verification of Declaration of Adherence.
• ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, ISO/IEC 27701:2019 Certification
• SOC 2 Type II Report
• BSI Cloud Computing Compliance Criteria Catalogue (German C5)
• CSA STAR Level 2 Certification
• HIPAA Attestation
• Spanish ENS (Esquema Nacional de Seguridad) Certification
• Italian AgID (Agency for Digital Italy) Certification
• Australian IRAP (Information Security Registered Assessors Program) Certification
• Japanese ISMAP (Information System Security Management and Assessment) Certification
Customers can review the certifications at the Cisco Trust Center (some of which will require an NDA).
13. Exercising Data Subject Rights
Users whose personal data is processed by the Service have the right to request access, rectification, suspension of processing,
data portability and/or deletion of the personal data processed by the Service, as well as to object to processing.
We will confirm identification (typically with the email address associated with a Cisco account) before responding to the
request. If we cannot comply with the request, we will provide an explanation. Please note that users whose employer is the
Customer/Controller may be redirected to their employer for a response.
Requests can be submitted via:
1) the Cisco Privacy Request form
2) postal mail: