Information Security, Compliance and Governance

Information Security



Information Security is critical to Credit Benchmark’s success, and the confidentiality of client’s data is our top priority.

  • Strong management commitment with oversight from the CEO and the board. Overall authority and responsibility for implementation and management delegated to the CTO.
  • Physical Security: bank-grade security at our office site, physical separation of data room.
  • Two separate technical environments:
    • Secure data processing environment hosted by CenturyLink (and ISO27001 and SOC1 datacenter)
    • Credit Benchmark enterprise environment
  • Twice Annual Penetration Testing by independent third parties
  • Client data encrypted at rest and in transit




CB has a designated compliance committee providing oversight across multiple compliance programmes including:

  • Information Security: robust information security architecture to maintain confidentiality of financial institutions. Sensitive data is received and delivered via secure transmissions and hosted in a compliant technology environment.
  • Governance: data is delivered using industry-standard quorate rules for contributed data models. A minimum of three observations on an entity are required for data to be published in order to maintain client confidentiality.
  • Compliance with code of business conduct: All employees are required to maintain the highest standards of conduct, supported by training and regular affirmations of the code.




Methodology Committee: Forum for all contributing financial institutions:

  • Meet two times a year
  • Objective is to ensure highest standards for data equality and maximum relevance for outputs
  • Anti Trust counsel presence ensures compliance

Topics include:

  1. Data comparability and consistency
  2. Quorate publication rules
  3. Oversight of Credit Benchmark Consensus (“CBC”) categories
  4. Regulatory reporting issues
  5. Development priorities

A Technical Advisory Panel meets on an ad hoc basis to:

  • Ensure that the suite of data is optimized for credit risk management
  • Advise on potential academic applications of the aggregated content
  • Provide support for the research & development of new products
Follow us on: