Central Depository Company (CDC) has been recently certified with the prestigious ISO 27001 standard, the highest Information Security Management System (ISMS) certification in the world. After this achievement, CDC is now amongst the top 3 companies in Pakistan to receive this award in the financial sector.
CDC has received this certification for overall depository operations including functional, technical and legal aspects. The process involved identification of areas & controls, gap analysis and development of policies & procedures. Other areas included identifying assets & associated risks and third party controls implementation. A rigorous company-wide awareness and training exercise was under taken to understand and comply with the standard. Later, an internal audit exercise was performed as well to review the implementation and compliance.
Awarded by the United Kingdom Accreditation Service (UKAS), the ISO/IEC 27001:2005 is the only Information Security Management System (ISMS) standard accepted globally and a critical requirement for organizations with clientele comprising of public sector and corporate organizations. It was published
in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
The ISMS not only specifies pre-emptive measures for information security but also specifies an effective information security incident reporting mechanism. This mechanism ensures that all security threats, whether identified by management, staff or customers are not only reported in a structured manner but also appropriate corrective/pre-emptive action is performed on the same.
This accreditation is a giant stride for CDC towards achieving operational excellence and maximizing customer trust & confidence in the Company’s infrastructure and security capabilities. The effort and motivation involved in achieving this standard highlights CDC’s best practices approach for the benefit of its stakeholders and capital market investors through stringent security of their information and data.