In today’s world, all service based organizations face increasing demands to be more transparent and to demonstrate high standards of corporate conduct. As one such organization, Central Depository Company (CDC) deals with such demands by keeping a proactive approach towards acquiring international standards in its working mechanisms. This has become possible due to adoption of best practices and accredited service quality levels at all platforms.
In line to this continuous strive, CDC has been recently certified with the prestigious ISO 27001 standard, the highest Information Security Management System (ISMS) certification in the world, thus becoming one of the three companies in Pakistan to receive this award in the financial sector.
CDC has received this certification for overall depository operations including functional, technical and legal aspects. The process involved identification of areas for the implementation of controls, gap analysis and development of policies & procedures to implement the ISO 27001 standard protocols. Other areas included identifying assets & associated risks and third party controls implementation. A rigorous company-wide awareness and training exercise was undertaken to understand and comply with the standard. Later, an internal audit exercise was performed as well to review the implementation and compliance.
Awarded by the United Kingdom Accreditation Service (UKAS), the ISO/IEC 27001:2005 is the only Information Security Management System (ISMS) standard accepted globally and a critical requirement for organizations with clientele comprising of public sector and corporate organizations. It was published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
The ISMS not only specifies pre-emptive measures for information security but also specifies an effective information security incident reporting mechanism. This mechanism ensures that all security threats, whether identified by management, staff or customers are not only reported in a structured manner but also appropriate corrective/pre-emptive action is performed on the same.
This accreditation is a giant stride for CDC towards achieving operational excellence and maximizing customer trust & confidence in the Company's infrastructure and security capabilities. The effort and motivation involved in achieving this standard highlights CDC’s best practices approach for the security of information of its stakeholders through the implementation of international standards.