Platform Partners & Vendors with Operating Roles

Overview

Kurtosys Systems Inc. uses some specific partners and vendors (third-parties) to assist in providing the products and services it delivers to customers, i.e. third-parties with operating roles. Some of these are involved in providing indirect, commoditised services with no data processing role. Others are engaged in direct, specific data processing activity.

Indirect access means that they do not have access to any Customer Data by design. Should they bypass controls and contractual obligations, they may gain access to Customer Data without our consent. This would constitute a deliberate act and would not be the result of an accidental action.

Direct access means that they have a role with least privilege that enables them to access selective Customer Data on a routine or temporary basis to perform certain actions or services within our platform.

Diligence and Compliance

Prior to engaging any indirect or direct third-party provider with an operating role, Kurtosys apply a risk assessment process to evaluate suitability, ensure that the third-party is able to perform the functions required and that they are compliant with security and confidentiality practices which may apply. We expect third-parties to be able to demonstrate a suitable level of certification to confirm this. We also maintain a continuous process of monitoring and reviewing third-party actions.

We also execute agreements with our third-party service providers, which include terms that, at a minimum:

  1. Restrict the third-parties and their suppliers access to Customer Data only to what is necessary to assist in providing or maintaining services, and prohibit them from accessing Customer Data for any other purpose;
  2. Prevent third-parties from disclosing information of any kind;
  3. Impose data protection terms requiring the third-parties to protect the Customer Data to the standard required by Data Protection Laws;

Kurtosys will remain responsible for its compliance with the obligations of any applicable agreements with Customers and for any acts or omissions of the third-party that cause Kurtosys to breach any of its obligations under those agreements.

We encourage customers to understand how these third parties operate and use data in the context of our products and services we provide in order to determine whether this creates any operational concerns in data processing.

Third-parties

The third-parties below provide: cloud infrastructure services; web site content management; authentication mechanisms; customer marketing activities; SLA monitoring:

Indirect 3rd parties. These provide services to Kurtosys Systems which impact all customer hosting:

Rackspace Inc. Infrastructure and datacentre
Amazon Web Services Infrastructure and datacentre
Microsoft Azure Infrastructure and datacentre
Alert Logic Threat Monitoring services
Akamai WAF, DDoS, edge caching services

Direct 3rd parties. These provide additional data processing services to Kurtosys Systems which may be used in some customer applications as appropriate to the implementation

Duo Security Multi factor authentication of users
Nurture Agency Web Site content management and administration
Google Marketing statistics
Pardot Marketing statistics
dotmailer Marketing statistics
Tealium Marketing statistics
Sendgrid Email notifications
Bitbucket Content repository and backup of configuration
Ghost Inspector Web content checking and monitoring
Runscope Web content checking and monitoring

Updates

Kurtosys has the discretion to update the third-party list at any time in a manner that is consistent with the requirements of our products and services. When we do, we will provide notice to customers in normal review processes (roadmap announcements, project reviews, etc) and revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes. You acknowledge and agree that it is your responsibility to review this periodically and become aware of modifications.

Contacting us

If you have any questions about this policy, please contact Kurtosys Systems at:

134 Fifth Avenue, 3rd Floor, New York NY 10011
Tel: +1 646 838 2030

or

77 Kingsway, London WC2B 6SR
Tel +44 (0)800 029 1410

This document was last updated in May, 2018.