The DPA, together with the Information Security Exhibit and the Privacy Data Sheets, governs how Cisco processes customers' personal data. In the tabs at left, you will find all resources and documentation that are linked in the DPA and that are relevant to Cisco's processing of personal data.
Cisco may transfer to and process personal data in locations where Cisco or its subprocessors maintain personal data processing operations to provide Cisco offers, as further detailed in the respective Privacy Data Sheets.
Cisco will conduct such transfers in accordance with the transfer mechanisms set out here. Any further changes to these transfer mechanisms approved with an official decision by the applicable competent authority will be incorporated by reference into the DPA and a copy of the new mechanism will be available on this page.
Impact assessments: We have created Transfer Impact Assessment (TIA) packages to help our customers conduct TIAs in use of Cisco offers.
Where Cisco processes personal data from the United Kingdom on behalf of customers in the United States, Cisco shall perform such processing in accordance with the UK Extension to the EU-U.S. Data Privacy Framework and in accordance with the EU Standard Contractual Clauses, as amended by the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses.
Where Cisco processes personal data from the EEA on behalf of customers in a country that is not an Approved Jurisdiction, Cisco shall perform such processing in accordance with the EU Standard Contractual Clauses and/or in accordance with Articles 44 to 49 of the General Data Protection Regulation (GDPR).
Where Cisco processes personal data from the United Kingdom in a third country, such processing shall be performed in accordance with the EU Standard Contractual Clauses, as amended by the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses.
Where Cisco processes personal data from Switzerland in a third country, such processing shall be performed in accordance with the EU Standard Contractual Clauses, as amended by the Swiss Addendum to the EU Commission Standard Contractual Clauses.
Where Cisco processes personal data from the Kingdom of Saudi Arabia in a third country, such processing shall be performed in accordance with the KSA Standard Contractual Clauses.
Where Cisco processes personal data from Turkey in a third country, such processing shall be performed in accordance with the Turkish Standard Contractual Clauses. Cisco is aware of the requirements laid down by the Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad published in the Turkish Official Gazette dated 10 July 2024 (the “Regulation”) and is committed to assist customers as needed to ensure compliance with such requirements. Likewise, customers commit to fulfill all obligations applicable to data controllers under the Regulation, including the obligation to inform the Turkish Data Protection Authority regarding the execution of the Turkish Standard Contractual Clauses with Cisco.
For jurisdictions other than the EEA, the United Kingdom, or Switzerland, transfers of personal data outside of the jurisdiction will be consistent with data protection laws.
Our Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system and Privacy Recognition for Processors (PRP) system certifications apply to our business processes across our global operations that process and transfer personal information to/from our affiliates around the world. To view our certifications, please visit the CBPR site.
Review Cisco's technical and organizational measures, which are designed to protect the security, integrity, and confidentiality of personal data of our customers. The Information Security Exhibit is incorporated by reference in the DPA.
View Information Security Exhibit (PDF)
You can subscribe to receive email notifications containing detailed information when the Information Security Exhibit is updated. Click the Subscribe link in the upper-right-hand corner of the Information Security Exhibit, and you'll receive an email notification each time the document is updated.
Privacy Data Sheets describe the processing activities for personal data in relation to Cisco offers and are incorporated by reference in the DPA. Use those documents to learn about the personal data processing operations in relation to particular Cisco offers (categories of personal data that are processed, purpose of processing, cross-border transfers, access controls, data portability, retention and deletion periods, data security, incident management, subprocessors, certifications, etc.).
You can subscribe to receive email notifications containing detailed information about any updates to the processing operations of Cisco offers published in the applicable Privacy Data Sheet(s). Click the Subscribe icon in the upper-right-hand corner of a Privacy Data Sheet, and you'll receive an email notification each time that document is updated.
Securing and protecting our customers and their data include following open, global standards. Cisco holds multiple product- and service-specific security certifications, such as from International Organization for Standardization (ISO), SOC, or the EU Cloud Code of Conduct.
Cisco's Global Privacy Policy is the foundation of Cisco's global privacy program to establish and maintain high standards for processing personal data. It describes the approach Cisco takes when processing data.
Cisco's Online Privacy Statement reflects our global principles and standards in relation to handling personal data.
You can find all of Cisco's privacy and security resources and materials at our Trust Center.
Our Trust Portal is a self-service tool that gives you on-demand access to public Cisco security, trust, data protection, and privacy compliance documents. You can use the tool to help to better manage security and compliance due-diligence requirements for your organization.
