About CyberVadis

CyberVadis is the third-party cybersecurity risk assessment solution developed by EcoVadis, the world's most trusted provider of business sustainability ratings.

We have ten years of experience helping global companies tackle complex risk challenges, from the environmental ecosystem to the new digital ecosystem. 



  • Over 300 leading multinational corporations among our Enterprise clients

  • Over 50,000 companies assessed

  • Customers spanning over 190 business areas in 150 countries

  • 9 Global Offices: New York, Paris, Hong Kong, San Francisco, Toronto, Tunis, Warsaw, Mauritius, Düsseldorf

  • Over 550 employees

  • Over 11 years since founding

Information Security

CyberVadis, as an EcoVadis subsidiary, is committed to providing the highest level of information security and to continuously improving in order to protect all stakeholders' data in an evolving landscape of information security threats.

For this reason, CyberVadis has established an Information Security management system (ISMS) which is ISO 27001 certified and which enables us to systematically operate and maintain information security in our business processes and services and to determine and apply the necessary security measures based on our risk assessment. We have a security incident management process in place in order to detect and remediate security incidents in the future. Penetration tests are performed on a regular basis in order to evaluate our IT infrastructure and identify vulnerabilities and areas for improvement.

The ISMS allows us to ensure the availability, integrity, confidentiality and traceability of information.

Policies and Processes include:


Contractual Privacy Protection for Customers

The terms and conditions of the CyberVadis assessment platform have been designed to guarantee your data confidentiality. The information you provide is kept confidential and cannot be shared without your approval. Learn more in our terms and conditions.


Security Training and Information security policies

One major pillar for the success of the ISMS is the security awareness of all CyberVadis employees. CyberVadis employees are regularly trained on information security to keep them updated about current issues and best practices by attending a yearly refresher training and taking a test on our practices and policies.

All newly hired employees have to participate in a mandatory information security training as part of the induction training. CyberVadis employees must follow the set of information security policies that are regularly reviewed. Employees also go through a regular phishing test to raise cyber awareness.


EU General Data Protection Regulation

CyberVadis believes that the GDPR is an important step to strengthen and harmonize data protection of EU citizens' personal data. As a data controller, CyberVadis is committed to complying with regulations and to putting in place the best practices.

CyberVadis uses the ISO 27001 standard, for which we are certified, as a framework and integrates personal data protection aspects in its management system.

There is no certification available yet to demonstrate GDPR compliance, but we have implemented our data protection practices and confirmed our good practices by a third-party audit.

For the data processing performed outside of the EU, we have in place contractual clauses with our entities and CyberVadis is currently registered for the EU-U.S. Privacy Shield.

We always carefully select our providers and we require their acceptance of data protection clauses to be able to work for us. We use the following major processors:

| Legal Entity | Transfer to Non-EEA: Transfer Safeguard | Additional Security Information |
|---|---|---|
| 55 2nd Street, 4th Floor, San Francisco, CA 94105, United States | Privacy Shield if transfer to U.S. | |
| 2 Henry Adams St, San Francisco, CA 94103 USA | Privacy Shield if transfer to U.S. | |
| Microsoft Azure, Microsoft Campus, Redmond, WA 98052 USA | Privacy Shield if transfer to U.S. | |
| 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA | Privacy Shield if transfer to U.S. | Data Processing Amendment to G Suite |

Learn more in our Statement of Data Privacy


Code of conduct and Confidentiality agreements 

CyberVadis employees are required to sign a code of conduct and a confidentiality clause as part of their employment contract prior to accessing our platform. The clause prohibits any disclosure of confidential information concerning the business of CyberVadis and its customers. The obligations and duties remain valid even after termination.


CyberVadis' online collaborative platform enables companies to assess and monitor supply chain information security performance. The information security management system governing its development and operations is certified to ISO/IEC 27001:2013, one of the world's most widely recognised information security standards.

View the Certificate


Our compliance is certified by PwC Certification B.V., an independent and accredited certification body.

View the Statement of Applicability




  • United States

    205E 42nd St, 20th floor
    New York, NY 10017

  • France

    43 Avenue de la Grande-Armée
    75116 Paris

  • Hong Kong

    Room 1005, Allied Kajima Building
    138 Gloucester Road
    Wanchai, Hong Kong

  • Poland

    Spektrum Tower
    4th floor / 26th floor
    ul. Twarda 18
    00-105 Warszawa