Information Security, Compliance and Governance

Information Security is critical to Credit Benchmark’s success, and the confidentiality of client’s data is our top priority.

Strong management commitment with oversight from the CEO and the board. Overall authority and responsibility for implementation and management delegated to the CTO.
Physical Security: bank-grade security at our office site, physical separation of data room.
Two separate technical environments:
- Secure data processing environment hosted by CenturyLink (and ISO27001 and SOC1 datacenter)
- Credit Benchmark enterprise environment
Twice Annual Penetration Testing by independent third parties
Client data encrypted at rest and in transit

CB has a designated compliance committee providing oversight across multiple compliance programmes including:

Information Security: robust information security architecture to maintain confidentiality of financial institutions. Sensitive data is received and delivered via secure transmissions and hosted in a compliant technology environment.
Governance: data is delivered using industry-standard quorate rules for contributed data models. A minimum of three observations on an entity are required for data to be published in order to maintain client confidentiality.
Compliance with code of business conduct: All employees are required to maintain the highest standards of conduct, supported by training and regular affirmations of the code.

Methodology Committee: Forum for all contributing financial institutions:

Meet 3 times a year
Objective is to ensure highest standards for data equality and maximum relevance for outputs
Anti Trust counsel presence ensures compliance

Topics include:

A Technical Advisory Panel meets on an ad hoc basis to: