Security & Business Continuity

Security & Business Continuity

Information Security

Information Security is one of the key drivers in CDC’s business model to ensure reliable and smooth services to our clients. CDC has an established Information Security Management System (ISMS) through which threats / vulnerabilities are monitored and addressed timely to mitigate risks.

All businesses of CDC are certified against globally accepted ISO/IEC 27001:2013 standard, demonstrating our commitment and focus to safeguard the information critical to the functioning of Pakistan Capital Market. Moreover, it ensures that our clients’ assets are well protected in line with internationally recognized best practices of the information age.

Security is embedded into all functions of the company such as IT, Finance, Legal, Operations, Marketing, Product Development, HR, Administration and Internal Audit. This cross-functional implementation provides best value to the quality of service.

Business Continuity Program

CDC holds a unique privilege to be among very few organizations across the globe, few international depositories and the very first organization in Pakistan to achieve ISO/IEC 22301:2012 for its Business Continuity Program.

CDC also has a fully functional BCM Committee headed by the CEO and is comprised of top management that reviews and upgrades the policies and takes necessary actions when required. BCM is designed to bridge potential gaps between people, locations and technology by focusing on the functionality between them in situations that could threaten business operations in all areas of operation at CDC.

BCP at CDC is benchmarked with the best practices taken from across the globe. Some of these major aspects include:

Crisis Management Planning

To deal with any unforeseen incident, the company has a crisis management plan in place, which prepares the company to respond and recover from any such event. The plan is chalked out to minimize impact of the incident and provide guidance to employees on how to respond in such circumstances.

Security and safety guidelines are also provided to visitors guiding them for times of emergency. Floor plans, emergency signs and critical contact numbers are placed on all floors. Safety equipment such as smoke detectors, fire extinguishers etc. are also available at appropriate locations. The CDC House is a completely non-smoking premises. The building is equipped with public addressing system that provides directions to employees in the event of an emergency.

Recovery of Critical Business Processes

Business Continuity at CDC is designed to respond to any business disruption by resuming critical functions within a defined timeframe. CDC understands that extended delay in revival of its critical business processes may create operational difficulty for its clients that are associated with the company in different capacities.

Communication in Crisis

The effectiveness of Business Continuity Program extensively depends on the ability of its members to communicate with each other to coordinate activities, share information and implement appropriate strategies. The communication about the incident is passed to vital staff using the call tree.

Resilient IT Infrastructure

Resilient IT infrastructure is the most critical component in the overall resiliency and business continuity planning of any organization. At CDC we achieve data resilience via replication among 3 geographically dispersed data centers to avoid single point of failure. The arrangement ensures high availability, business continuity and disaster recovery at a zero data loss.

Welfare of Staff

CDC understands that people are its most critical asset and organizational success cannot be achieved without them. The Company enforces emergency procedures and exercises them constantly to safeguard its employees against any uncertain situation. In addition, to fully equip its employees to cope with emergency situations, CDC arranges safety and security trainings like First Aid and Fire Fighting from professional bodies.