Information Security is critical to Credit Benchmark’s success, and the confidentiality of client’s data is our top priority.
- Strong management commitment with oversight from the CEO and the board. Overall authority and responsibility for implementation and management delegated to the CTO.
- Physical Security: bank-grade security at our office site, physical separation of data room.
- Two separate technical environments:
- Secure data processing environment hosted by CenturyLink (and ISO27001 and SOC1 datacenter)
- Credit Benchmark enterprise environment
- Twice Annual Penetration Testing by independent third parties
- Client data encrypted at rest and in transit
CB has a designated compliance committee providing oversight across multiple compliance programmes including:
- Information Security: robust information security architecture to maintain confidentiality of financial institutions. Sensitive data is received and delivered via secure transmissions and hosted in a compliant technology environment.
- Governance: data is delivered using industry-standard quorate rules for contributed data models. A minimum of three observations on an entity are required for data to be published in order to maintain client confidentiality.
- Compliance with code of business conduct: All employees are required to maintain the highest standards of conduct, supported by training and regular affirmations of the code.
Methodology Committee: Forum for all contributing financial institutions:
- Meet 3 times a year
- Objective is to ensure highest standards for data equality and maximum relevance for outputs
- Anti Trust counsel presence ensures compliance
- Data comparability and consistency
- Quorate publication rules
- Oversight of Credit Benchmark Consensus (“CBC”) categories
- Regulatory reporting issues
- Development priorities
Technical Advisory Group
- Ensures that the suite of data is optimised for credit risk management
- Advises on academic applications
- Forum to discuss regulatory issues