Skip to main content


Search for

Security & Business Continuity

Security & Business Continuity

Information Security

Information Security is one of the key drivers in CDC’s business model to ensure reliable and smooth services to our clients. CDC has an established Information Security Management System (ISMS) through which threats / vulnerabilities are monitored and addressed timely to mitigate risks.

All businesses of CDC are certified against globally accepted ISO/IEC 27001:2013 standard, demonstrating our commitment and focus to safeguard the information critical to the functioning of Pakistan Capital Market. Moreover, it ensures that our clients’ assets are well protected in line with internationally recognized current best practices of the information age.

Security is embedded into all functions of the company such as IT, Finance, Legal, Operations, Marketing, Product Development, HR, Administration and Internal Audit. This cross-functional implementation provides best value to the quality of service.

Business Continuity Program

CDC holds a unique privilege to be among very few organizations across the globe, few international depositories and the very first organization in Pakistan to achieve ISO/IEC 22301:2012 for its Business Continuity Program.

CDC has a fully functional BCM Committee headed by the CEO and is comprised of top management that reviews and upgrades the policies and takes necessary actions as and when required. BCM is designed to bridge potential gaps between people, locations and technology that could threaten the smooth execution pf CDC’s business operations.

BCP at CDC is benchmarked with the best practices taken from across the globe. Some of these major aspects include:

Crisis Management Planning

To deal with any unforeseen incident, the Organization has a crisis management plan in place, which prepares it to respond and recover from any adverse event. The plan is chalked out to minimize impact of the incident and provide guidance to employees on how to respond in such circumstances.

Security and safety guidelines are also provided to visitors to be followed in case of emergency. Floor plans, emergency signs and critical contact numbers are placed on all floors. Safety equipment such as smoke detectors, fire extinguishers etc. are also available at appropriate locations. CDC House is a completely non-smoking premises. The building is equipped with public addressing system that provides directions to employees in the event of an emergency.

Recovery of Critical Business Processes

Business Continuity at CDC is designed to respond to any business disruption by resuming critical functions from an alternate site within a defined time-frame. CDC understands that extended delay in revival of its critical business processes may create operational difficulty for its clients that are associated with the company in different capacities.

Communication in Crisis

The effectiveness of CDC’s Business Continuity Program extensively depends on the ability of its members to communicate with each other to coordinate activities, share information and implement appropriate strategies. The communication about the incident is passed to vital staff using the call tree.

Resilient IT Infrastructure

A resilient IT infrastructure is the most critical component in the overall resiliency and business continuity planning of any organization. At CDC, we achieve data resilience via replication among 3 geographically dispersed data centers to avoid single point of failure. The arrangement ensures high availability, business continuity and disaster recovery at a zero data loss.

Welfare of Staff

CDC understands that people are its most critical asset, and organizational success cannot be achieved without them. The Organization enforces emergency procedures and exercises them at regular intervals to safeguard its employees against any uncertain situation. In addition, to fully equip its employees to cope with emergency situations, CDC arranges safety and security trainings like First Aid and Fire Fighting from professional bodies.