Empowering people through a foundation of security, privacy, and trust
Today, almost everything is connected and generating data. These connections have become fundamental to our communities, livelihood, and futures. We have unprecedented opportunities to boost human potential through technology innovation, enabling us to solve urgent societal problems like decarbonizing energy, preventing and curing deadly diseases, and feeding a hungry planet. Yet these new capabilities require connections that also make us more vulnerable unless we proactively address the security and risk challenges that come with innovation. While organizations have always needed security and privacy to protect and secure their customers, operations, solutions, and data, today’s risks and challenges have made these disciplines mission critical.
Our holistic approach to security and privacy sets us apart. The Cisco Trust Portal provides customers with access to security and privacy documents, offering assurances that Cisco solutions align with market security and privacy expectations. The Cisco Trust Center demonstrates our thought leadership across our principles of trustworthiness, transparency, and accountability.
Trustworthiness
We strive to build security and privacy in and throughout each of our solutions' lifecycle. Our solutions are designed to secure and protect personal data and customer data by design and default, creating a competitive advantage for our customers by helping to make their critical infrastructure, applications, and data more secure.
- Counterfeit products can cause serious risks to network quality, performance, safety, and reliability. Our guides help customers to identify counterfeit or pirated products, inspiring confidence that they are buying from trusted sources of Cisco technology.
- Part of Cisco’s success is our ability to acquire companies that strengthen our technology and innovation portfolio, and securely integrate them into the larger organization through a trusted mergers and acquisitions (M&A) cybersecurity approach.
- Cisco regularly publishes resources to help users of all ages stay safe online. See our recent guides on top cyber tips, protecting kids online, and keeping seniors cyber safe.
- When it comes to protecting critical infrastructure, the stakes for service providers are high. This video explains how Cisco Trustworthy Solutions help providers detect potential compromises and validate platform integrity for secure networks.
- The Cisco Cloud Controls Framework (CCF) is a comprehensive set of security and privacy compliance and certification requirements for our Software-as-a-Service (SaaS) solutions, aggregated into a single framework.
- The Trustworthy Cloud spotlights our work with international governance organizations to develop and enhance mechanisms and leading practices that demonstrate compliance and facilitate safe international data flows, as exemplified in Webex by Cisco being the first collaboration suite to achieve European Union (EU) Cloud Code of Conduct Level 3 adherence.
- Responsible use of artificial intelligence (AI) is an important part of our approach to innovation. See our Responsible AI Principles and Responsible AI Framework to learn how these principles and practices form a broad AI governance framework for those who develop, deploy, and use AI.
- With quantum computers rapidly advancing toward the capability to break current encryption methods, Cisco is committed to helping customers adopt quantum-safe encryption to safeguard their data and communications.
- Cisco is committed to securing AI technologies so that they are not only powerful and efficient, but also safe and reliable for users worldwide.
Transparency
We are open and transparent about the security and privacy approach we take across our solutions portfolio, including our compliance with global standards, certifications, and government regulations. And we share our cyber-resilience strategies with organizations around the world with the intention of collectively raising the bar for global cybersecurity and trust.
- A key example is responding to the rapid rise of sophisticated cyber attacks on legacy network infrastructure. Cisco continues to focus on the critical importance of updating software and maintaining hardware to support network resilience.
- Cisco is a founding member of the Network Resilience Coalition, working with technology providers, security experts, and network operators to improve network security that protects critical infrastructure and our global economic and national security.
- Cisco is committed to Software Transparency that reduces cyber risks and enables customers to more efficiently evaluate whether and how secure software development practices were applied.
- Customers can request Software Bills of Materials and Secure Software Development Attestations that provide transparency into the third-party software used in building Cisco products via our Trust Center.
- Our Transparency Reports list the demands we receive from law enforcement and national security agencies around the world. Read more about Cisco’s Principled Approach to Government Demands for Data and Cisco Law Enforcement Guidelines for Government Data Demands.
- Privacy Data Sheets, available for various Cisco solutions, describe how Cisco protects and controls the collection and use of personal data, the purpose under which Cisco processes personal data, where data is processed, and third-party sub-processors processing data.
- Privacy Data Maps visually explain how various types of personal information are collected, used, stored, and shared throughout the solution lifecycle.
-
Cisco’s annual Data Privacy Benchmark Study explores privacy practices and maturity levels at organizations around the world, their financial investments in privacy, business benefits from these investments, and the forces driving these behaviors.
-
The Consumer Privacy Survey is our annual reporting on consumers’ attitudes and actions regarding their personal data.
- We also drive privacy leadership by partnering with global information policy think tanks like the Information Accountability Foundation that focuses on privacy risk management, and organizations such as the Centre for Information Policy Leadership that report on the Business Benefits of Investing in Data Privacy Management Programs.
- Our Cybersecurity Reports, including the Cisco Cyber Threat Trends Report, Duo 2024 Trusted Access Report, and Cybersecurity Readiness Index, provide the latest information for security professionals and business leaders interested in the state of global cybersecurity.
- The Cisco Vulnerability Repository is a vulnerability search engine for Common Vulnerability and Exposures (CVE) that may impact Cisco products intended for credentialed customers. This resource can help Cisco customers understand if their Cisco product is affected by a particular third-party vulnerability and displays Cisco Security Advisories associated with a CVE.
Accountability
Cisco’s dedicated team of security and privacy experts supports our customers’ business resilience and continuity by being proactive and providing timely detection, notification, response, and remediation of security incidents.
- Our Security & Trust infographic provides a closer look at the people, processes, technology, and policies that enable Cisco to help protect the security and privacy of our customers.
-
The Cisco Security Vulnerability Policy and Cisco Security Advisories provide guidance and information in the event of a reported vulnerability in a Cisco product or service.
- Cisco Product Security Incident Response Team (PSIRT) adheres to ISO/International Electrotechnical Commission (IEC) 29147:2018—for disclosure of potential vulnerabilities established by the International Organization for Standardization (ISO)—grounding our work in receiving information about potential vulnerabilities from the public, handling and using those reports, and communicating transparently about our findings.
- Cisco Event Responses provide information about security events that have the potential for widespread impact on customer networks, applications, and devices.
- We hold ourselves accountable for resolution of security and privacy incidents. When issues arise with Cisco’s solutions, our global Security Incident Response Team responds swiftly, using a playbook with documented resolution procedures.
- When security or privacy incidents occur, our Computer Security Incident Response Team and Data Incident Response Team perform 24/7 comprehensive incident investigation and prevention.
-
Cisco Talos is a proven and trusted threat intelligence research team comprising world-class researchers, analysts, and engineers. Talos powers the Cisco portfolio with comprehensive intelligence that supports our customers' environments, every single day, all over the world. Talos provides verifiable and customizable defensive technologies and techniques that help customers, users, and the Internet at-large quickly protect their assets, including:
- Talos Incident Response offers a full suite of proactive and emergency services to help organizations prepare, respond, and recover from a breach.
- Reputation Center provides access to expansive threat data and related information for domains, Internet protocols, and files.
- Talos Vulnerability Research investigates software and operating system vulnerabilities to discover them before malicious threat actors do. We provide this information to vendors so they can create patches and protect their customers as soon as possible.
- The Talos Blog shares the latest threat research on malware campaigns, nation-state activity, and indicators of compromise, while the Threat Source newsletter offers a weekly recap of some of the biggest headlines in cybersecurity. The Beers with Talos podcast series explores all things security, while Talos Takes breaks down complex issues for listeners.
- Talos Year in Review is an annual analysis of key incident trends that affect organizations. The 2024 report will be available early in 2025.
- We are committed to maintaining strong protections for our customers, solutions, and company. The Cisco Online Privacy Statement captures our approach to earning and growing customer trust and is also available in summary form.
-
Cisco supports free and trustworthy data flows, providing third-party attestations of its privacy practices, assuring customers that Cisco meets its privacy and data protection obligations, and offering its solutions worldwide. To this end:
- Cisco’s global privacy program and policies have been approved by EU privacy regulators as providing additional safeguards for protecting privacy, fundamental rights, and freedoms of individuals for transfers of personal data protected under EU law. Cisco’s EU Binding Corporate Rules—Controller provide that international transfers made by Cisco as a controller worldwide of EU Personal Information benefit from additional safeguards.
- For customers who prefer contractual commitments of adherence to EU privacy requirements, Cisco enters into Standard Contractual Clauses, which are incorporated into our Data Protection Agreement.
- Cisco’s global privacy program is certified under the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules system (CBPRs) and Privacy Recognition for Processors (PRP). The APEC CBPR system and PRP provide a framework for organizations to help protect personal data transferred among participating APEC economies.
- Cisco is EU-U.S. Data Privacy Framework (DPF) and Swiss-U.S. DPF certified for the transfer of personal data, and Cisco and its U.S.-based subsidiaries comply with the EU-U.S. DPF, the U.K. Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF for transfers of personal data from the EU, European Economic Area, United Kingdom (and Gibraltar), and Switzerland to the United States.