CDC provides depository, trustee & custodial, share registrar and investor account services to the Capital Market of Pakistan. Information security is one of the key drivers in CDC's business model to ensure reliable and smooth services to our clients. CDC has an established Information Security Management System (ISMS) through which threats and vulnerabilities are monitored and addressed in a timely manner to mitigate risks.
CDC Depository Service is certified against the globally accepted ISO/IEC 27001:2005 standard, demonstrating management's commitment and focus to safeguard the information critical to the functioning of the entire capital market. Additionally, it gives assurance to all our clients that their assets are well protected in line with internationally recognized best practices of the information age.
Over the years, various security controls have been implemented and efforts are made to enhance value to clients through evolution. Security is embedded into all functions of the company such as IT, Finance, Legal, Operations, Marketing, Product Development, HR, Administration and Internal Audit. This cross-functional implementation provides best value to quality of service. The following are salient security features of CDC business applications:
· Unique UserId and Password for clients;
· Two-factor authentication scheme that requires a 4-digit Personal Identification Number (PIN) and a 6-digit RSA pass-code that refreshes every minute;
· CLI binding for all dial-in clients who connect via telephone lines;
· Terminal binding to ensure only authorized systems are used to access CDC services.
In order to protect itself from any loss arising from a claim lodged by a CDS element, Central Depository Company has obtained insurance coverage against the following risks:
- Employees' infidelity
- Computer Crime
- Professional Liability
Insurance coverage has been acquired from a consortium of EFU General Insurance Company Limited, New Jubilee Insurance Company Limited and PICIC Insurance Limited for Rs. 1 billion.
Business Continuity Program
BCP at CDC is benchmarked with the best practices deployed across the globe.
CDC holds a unique privilege to be among very few organizations across the globe, few international depositories and the very first organization in Pakistan to achieve BCP BS 25999 certification.
Some of the major aspects of CDC planning to deal with any untoward situations include:
Welfare of Staff:
Our people are our most important asset. Without them, achieving the ability to continue the organization’s operations cannot be conceived. Therefore, CDC makes sure the safety and security requirements of its employees are not compromised. CDC enforces emergency procedures and exercises them on a continuous basis to ensure the welfare of staff in case of any unwarranted situation.
In addition, to fully equip its employees to cope with emergency situations, the company arranges safety and security trainings like First Aid and Fire Fighting from professional bodies.
Crisis Management Planning:
To deal with any undesirable incident, the company has a crisis management plan in place, which prepares the company to respond to and recover from any such incident. The plan is chalked out to minimize the impact of the incident and provide guidance to employees on how to respond in such circumstances.
Security and safety guidelines are also provided to visitors to inform them in advance of what they are required to do in case of emergency. Floor plans, emergency signs and critical contact numbers are placed on all floors at appropriate locations. Smoke detectors, fire extinguishers and other safety equipment are also available at appropriate locations. The CDC House is equipped with a public address system that provides directions to employees in the event of an emergency.
Recovery of critical business processes:
Business Continuity at CDC is designed such that it responds to any business disruption by resuming critical functions within a defined timeframe. CDC understands that an extended delay in the revival of its critical business processes may create operational difficulty for its clients that are associated with the company in different capacities. Considering its critical role in the industry, CDC has set a tough recovery time objective (RTO) of 2 hours for its critical services.
Communication in Crisis:
The effectiveness of the Business Continuity Program depends extensively on the ability of its members to communicate with each other to coordinate activities, share information and implement appropriate strategies. The decision about the incident is passed to vital staff using the call tree.
The dynamics of communication are necessary to contain the incident and its impact on the reputation of the organization. To avoid panic and control rumors, the timing and content of the information will be passed to the press and media by the Head of Marketing & Customer Services at CDC. A team is designated to work under him to establish communication with customers using various communication channels. These channels include the corporate website, SMS alerts and email alerts. Further, the call center telephone number is transferred to the DR site, which enables CDC clients to speak to the customer services officer even during disaster circumstances.
Resilient IT Infrastructure:
Resilient IT infrastructure is the most critical component in an organization’s overall resiliency and business continuity planning.
At CDC we achieve data resilience via replication among 3 geographically dispersed data centers to avoid a single point of failure. The arrangement ensures high availability, business continuity and disaster recovery with zero data loss.