The Information Systems Security Association, Inc., ("ISSA" or "Association") has created this privacy statement ("Policy") in order to demonstrate our firm commitment to the privacy and the confidentiality of our members. We endeavor to comply with all laws pertaining to privacy in the countries in which we operate. We also voluntarily endeavor to adhere to the Safe Harbor framework developed by the U.S. Department of Commerce in consultation with the European Union. The following discloses the information gathering and dissemination practices of the ISSA.
Information Collection and Storage
Collection of Personal Information
When you request membership, we ask that you provide information that personally identifies you (Personal Information), and allows us to process your membership or to contact you. This information includes your name, work and home mailing address, company for which you work, phone numbers, e-mail addresses, your credit card information if submitted for payment purposes, and other information to assist us in keeping you informed as to activities of the Association and your rights and privileges as a member.
Storage of Personal Information
This information is retained in the active database while you are a member, and for up to a year afterwards in case you rejoin the Association during that time. After that period of time, it is archived for historical purposes and is no longer accessible through the normal reporting methods.
Credit card information obtained for purposes of membership processing is not stored with the membership record or available to other association members. Association staff retain this information separately for internal processing only.
A discussion of the specific responsibilities of the ISSA staff, Board and Chapter officers can be found below.
ISSA International Staff
The Association’s International Staff use this information to maintain your membership, and to provide you with standard Association communications and privileges.
ISSA International Board
The International Board of the Association has access to your contact information as a part of its oversight responsibilities.
One of our most significant responsibilities and duties as an Association is to encourage professional networking and the sharing of experiences and information between our members. The local ISSA chapter serves a critical role in this activity and we encourage all members to take part in their local chapters. In support of this activity, we share local member contact information with members who have taken on the responsibility of starting a new chapter and to facilitate communications between the local members. We also provide local chapter officers with contact information of members who are not affiliated with the local chapter to support their efforts in getting local members to participate in their local activities. We do, however, recognize that members do not wish to have their contact information spread indiscriminately through the Association or outside of it. We therefore publish contact information only to those in the Association and the Local Chapter with a legitimate need to know.
A significant focus of our charter and activities is the education and development of our members. As a part of this effort, we seek to bring educational opportunities to our members. We likewise seek every opportunity to make our members aware of tools and services that might benefit them and their employers. We therefore solicit, from the vendors that support ISSA, information on available tools, services and educational opportunities and communicate these to our membership.
As a special service to our members, we continually attempt to improve the benefits provided to our members. These benefits include special discount offerings of goods and services. To provide these benefits, it is sometimes necessary to share our member information with selected vendors for the provision of such services. However, this information is provided under agreements that prohibit them from using the information for any other purpose, and under which your privacy must be protected.
CHOICE - Third-Party Goods and Services
We also provide an additional service, permitting vendors of related information security goods and services to make you aware of their offerings. However, we require your consent to include you in this service. We provide an Opt-In option on the registration and renewal forms. If you choose to Opt-In, we sell to vendors a one-time use of the mailing addresses through an independent mailing house. The vendor does not receive the mailing list and the mailing house is contractually bound to us to use that mailing list only once.
If you choose to not Opt-In, your direct mail contact information will not be sold in this manner and you will not receive these mailings. All Local Chapters are also required to honor your choice to not Opt-In. Please note that your e-mail address is never sold as a part of this process, and you will not receive unsolicited e-mail offerings as a result of any sale of your mailing address.
Choosing to not participate in the Opt-In process will not affect mailings and communications submitted to you by ISSA, including the ISSA Journal, the online E-News, and direct mail of special educational offerings sent to you by ISSA.
The ISSA Webcast Policies
The information in this webcast has not been subjected to any formal testing by the Information System Security Association (ISSA). The implementation, use and/or selection of software, hardware, or procedures presented within this webcast and the results obtained from such selection or implementation is the responsibility of the reader.
Information will be presented as technically correct as possible, to the best knowledge of the author. If the reader intends to make use of any of the information presented in this webcast, please verify and test any and all procedures selected. Technical inaccuracies may arise from printing errors, new developments in the industry and/or changes or enhancements to components, either hardware or software.
The opinions expressed by the sponsors who contribute to The ISSA Webcast are their own and do not necessarily reflect the official policy of ISSA.
The webcasts should be within the scope of information systems security, and should be a subject of interest to the members and based on experience. Upon broadcast, it becomes the property of ISSA and may be distributed to, and used by, all of its members. Webcast registration information may be made available to webcast sponsors.
ISSA is a not-for-profit, independent corporation and is not owned in whole or in part by any manufacturer of software or hardware. All corporate information security professionals are welcome to join ISSA. For information on joining ISSA and for membership rates, see www.issa.org.
All product names and visual representations published in this webcast are the trademarks/registered trademarks of their respective manufacturers.
Web Site Access
We use an assigned site member name and a password chosen by our members to permit them access to our restricted membership services on-line. We use your IP address as recorded in our site logs only as needed to help diagnose problems with our server, and to administer our Web site. Site usage information is not analyzed for other purposes or shared with other sites.
We use temporary cookies to save access permissions for our members so that they do not have to log in multiple times as they attempt to access restricted pages during a single online session. These cookies expire with the current session, do not contain any personal information, and are not shared with any other web site.
We accept membership applications and renewals over the Internet through a secured SSL link. No personal or credit card information submitted for this purpose is stored upon the web server.
We provide members with the means to ensure that their personal information is correct and current. Members may review and update this information at any time in the "Members Only" section by following the "Your Member Information Update Form" link. If this information is found to be in error, members may update the information on the member update form.
This site contains links to other sites providing information security updates or educational services which we consider to be of benefit to our members. ISSA is not responsible for the privacy practices or the content of such Web sites.
This site will make a limited number of chat rooms, forums, message boards, and/or news groups available to ISSA members for discussion of information security issues and ISSA business. Please remember that any information that is disclosed in these areas becomes public information and you should exercise caution when deciding to disclose your personal information in that forum.
This site has security measures in place to protect against the loss, misuse and alteration of the information under our control.
The site is audited on a periodic basis to attempt to keep it up to date with good security practices, and protective measures are implemented on the site hosts. Sections of the site are reserved for ISSA members only and are protected from access by other individuals. Personal member information is not stored on the web server. All such information is stored only on protected internal servers at the host site.
Corrections & Updates
Members may request changes to their membership and Opt-In information by submitting these changes in one of three ways:
Use the Update Profile form.
ISSA Inc. 9220 SW Barbur Blvd #119-333 Portland, OR 97219
Changes to this Policy
The Association may amend this Policy from time to time. If we make any substantial changes to the way we use your Personal Information we will notify you by e-mail and a prominent notification on our website.
If you have any questions about this privacy statement, the practices of this Web site, or your dealings with it, or have a concern that these privacy provisions are being violated in some way, please contact the ISSA. Concerns about privacy violations at either the International or Local Chapter level should be sent to either the ISSA Chief Operating Officer or ISSA Director of Marketing and Communications.