Public Register

This Public Registry and all the service declarations it contains comply with the latest version of the CISPE Data Protection Code approved by the CNIL in 2021. 

Click on the tabs below to read the full description

A CISP must complete a self-assessment of its service against the Code Requirements and present it to the CISPE Secretariat:

• its Declaration of Adherence; and
• a completed Compliance Checklist as set out in Annex B of the Code, and any supporting information.

CISPs that follow the Self-Assessment process shall be entitled to have the
self-assessed service into the CISPE Public Register as “Candidate to the Code”, for a maximum period of 12 months following the date of incorporation of the Declaration of Adherence into the CISPE Public Register.

A CISP must first submit the relevant service for Monitoring Body assessment and verification, and present it to the Secretariat:

• its Declaration of Adherence;
• a completed Compliance Checklist as set out in Annex B of the Code, and any supporting information; and
• written confirmation from its Monitoring Body that the CISP service adheres to the Code.

Monitoring Body eligibility is determined by the CNIL (Commission Nationale de l’Informatique et des Libertés), the Designated Supervisory Authority for the CISPE Code of Conduct. Accredited Monitoring Bodies currently are: EY CertifyPoint, Bureau Veritas, LNE as detailed in the Monitoring Bodies section.  

CISPE thanks the early supporters of the CISPE Code of Conduct. Many companies have supported the CISPE Code of Conduct since the beginning and have declared services against the 2016 version of the CISPE Code of Conduct. Services that have been declared under this Code are listed in the 2016 public register.