
Jun 18, 2021

How CRIF Secures Your Data: Data Security and ISO:27001 Certification In The Philippines

CRIF has its operations based in over 35 countries across four continents. More than 10,500 financial institutions, 1,000 insurance companies, 82,000 business clients, and a million consumers use the CRIF services in 50 countries. 

In the Philippines, CRIF has been a Special Accessing Entity (SAE) of Credit Information Corporation since 2016. With data of more than 21 million individuals and 1 million businesses with 50 million credit lines, CRIF can be your ideal partner for data analytics and credit risk assessment for your organisation. 

Owing to its industry experience and availability of extensive customer data with several variables, CRIF enables the organisation to build a robust credit framework. Our critical services include assisting in scorecard development, validating data sampling, monitoring data processes, and implementing the process to automate credit risk grading.

A million dollar question – Is my data safe with CRIF?

A straightforward answer to this question is ‘Yes’.

CRIF takes data security and privacy for its clients very seriously and sincerely. Apart from the regulatory and compliance requirements on CRIF for data security, CRIF takes all the steps and actions needed to secure Personally Identifiable Information (PII). With several checks and controls in place, our clients can be assured that their data is entirely safe with CRIF.

Three critical pillars for strong data security practices

  1. PEOPLE – Is CRIF equipped with suitable people for data security?

CRIF places a strong emphasis on having the right people on the job to ensure the integrity and security of our clients' data, with a background verification process for employees and contractors. While 5,000 professionals look after different roles at various levels in CRIF globally, we ensure that the following data security experts and verifiers are securing access to your data:

  • Chief Information Security Officer to control the data security function

  • ISO 27001:2013 Certified Lead Auditors to verify that the internal checks and controls are in place

  • Certified Ethical Hackers to identify vulnerabilities and detect system bugs 

  • Developers to plug any bugs and loopholes in the system

  • Network Security Expert to review the data security controls and processes 

  • Legal & HR Expert to ensure all the necessary compliances 

  2. PROCESSES – What are the processes at CRIF to ensure data security?

CRIF has a well-defined framework of internal processes to protect data integrity and security, which inter alia include the following: 

  • Information Assets Risk Assessment

  • Secure Software Development Life Cycle

  • Regular Vulnerability and Penetration Testing

  • Secure Configuration Review

  • Third-Party Risk Assessment

  • Due Diligence Process

  • Information Security Awareness Training

  • Business Continuity Planning

CRIF’s Information Security Management System has been granted ISO 27001:2013 certification, which aims to protect data from internal and external threats to ensure data integrity, confidentiality, and availability. An independent certification also guarantees clients, whether credit institutions, companies or private citizens, that CRIF has adopted adequate internal processes and measures to protect their information and minimize potential security risks.

  3. TECHNOLOGY – How is CRIF technologically equipped to ensure data security?

We extensively use technology to ensure that the data available with us is accessed only by the people entitled to access it and no unauthorized access occurs. 

The following tech-enablers are deployed by CRIF to ensure data security and integrity:

  • Automated tools for Application Vulnerability Assessment (VA)

  • VPN (Virtual Private Network) Connectivity

  • Perimeter Security

  • Encryption tools

  • Endpoint Security 

What data security controls have been deployed by CRIF?

CRIF acknowledges data privacy as one of the key pillars of its business operations. As such, CRIF has implemented the following security controls to ensure that the client and consumer data available with us stays safe and secure:

  • Regular Application Vulnerability Assessment and Penetration Testing (VAPT) to ensure that the system vulnerabilities are detected at an early stage

  • Use of Secure Coding Guidelines and Source Code Scanning to ensure that malicious code stays out of the system and only verified and authenticated code is deployed to Production

  • Cryptographic Controls and IP Encryption to ensure that the systems are accessed by the authorized users only 

  • Server Hardening and Endpoint Matching to enhance the security of external servers once deployed into the system

  • Backup Encryption to eliminate any unauthorized access to the data through regular data backups

  • Logging & Monitoring of the users accessing the information to ensure an audit trail for data access

With the above checks and controls, CRIF ensures that the data access is limited only to the authorised users and the data remains safe and secure within the encrypted boundaries of CRIF data servers. 
