Platform Partners & Vendors with Operating Roles
Overview
Kurtosys Systems Inc. partners with selected globally recognized leaders in their respective fields (third parties with operating roles) to assist us with providing our products and services to our customers.
Some provide indirect, commoditised services with no data processing role, while others perform certain direct and specific data processing activities.
By design, indirect access excludes a relevant partner from accessing any of our customer data. In the unprecedented and unlikely event that they bypass controls and contractual obligations to gain access to our customer data without our consent, this would constitute a deliberate and unauthorised act, and we will proceed accordingly.
Direct access, on the other hand, means a partner has a role with ‘least privilege’, allowing it to access selective customer data on a routine or temporary basis to perform certain actions or services within our platform.
Diligence and compliance
Before engaging a third-party provider and assigning it an operating role, Kurtosys performs an exhaustive risk analysis to evaluate suitability – ensuring that it is capable of performing the functions required and complies with applicable security and confidentiality practices. We expect our partners to be have a suitable level of certification to prove this. We further continuously monitor and review the services and actions of third-parties.
In addition, we enforce strict terms in our agreements with third-party service providers, at a minimum:
- Restricting third parties’ and their suppliers’ access to our customer data (to what is necessary to assist them in providing or maintaining services), and prohibiting them from accessing customer data for any other purpose;
- Preventing third parties from disclosing information of any kind;
- Imposing data protection terms requiring third parties to protect customer data to the standard required by data protection laws;
In all this, Kurtosys remains responsible for ensuring its compliance with any obligations imposed on it under agreement/s with its Customers, and for any acts or omissions of third parties that may have caused it to breach such obligation/s.
We encourage our customers to understand how the third parties listed below operate and use data in the context of the products and services we provide, to enable you to judge whether this creates any operational concerns in their data processing.
Third parties
We employ third parties for some strategic platform functions, such as cloud infrastructure services; website content management; authentication mechanisms; customer marketing activities; SLA monitoring.
We list these third parties and their roles in our Information Security Pack. If you require more information, please get in touch with us.
Third-party partner list updates
Kurtosys, in our discretion, may update these third-party lists at any time to remain current with development of our body of products and services. When we do, we will provide notice to customers in our normal review processes (roadmap announcements, project reviews, etc.) and revise the ‘last updated’ date at the bottom of this page. We encourage users to frequently check this page for any changes. You acknowledge and agree that it is your responsibility to review this periodically and become aware of modifications.
Contacting us
If you have any questions about this policy, please contact Kurtosys Systems via our Contact Us page.
This document was last updated in May, 2019.