PCI DSS v3.2.1 accredited
Information Security
Our Commitment to Data Security
As a global provider of risk and information solutions, we collect, store, and transmit a large amount of sensitive and confidential information. We’re acutely aware that consumers count on us to safeguard their information, as do our data furnishers and business customers. Like many financial institutions and other companies holding valuable data, we experience attempts to access our system. That’s why information security is a company-wide priority at all levels of our organization.
The TransUnion information security team operates globally across all our business units and locations, ensuring coverage and transparency 24 hours a day, 7 days a week. Threats are monitored and evaluated, and our internal controls are adjusted as needed, as we strive to remain effective in a rapidly changing threat environment. Our global information security team is staffed with cyber-threat and intelligence experts with backgrounds and experience from law enforcement, government, military, and industry. Our Information Security program also includes robust policies, employee training and advanced technology, with support and oversight from the board of directors, CEO and executive management.
Global compliance policies and controls are managed under the direction of our Compliance team, whose members hold compliance certifications, in addition to their many years of professional service. Compliance actively partners with Information Security and Corporate Investigations to proactively build effective and efficient controls.
In addition to our own stringent requirements, the financial institutions we work with — which share our interest in safeguarding the information shared with us — also expect that we live up to their high standards. Our security program is regularly audited by many of our customers, including some of the most sophisticated financial institutions in the world. We welcome the rigor of these reviews, as we’re confident our security controls are compliant with the highest standards to which banks are held.
Mitigating Risk
To meet consumer, business customer and regulator expectations, TransUnion takes a multilayered, risk-based approach to security, which is based on a number of overlapping and redundant controls to reduce the risk of a single point of failure. This approach is designed to prevent, detect and respond — that is, to decrease the likelihood of a breach occurring; reduce the duration of any breach that may occur by ensuring it’s quickly identified; and minimize the impact of a breach by quickly limiting the reach of any compromise and closing off any further access to the environment.
Examples of the types of tools, controls, and procedures we use include:
While we’re taking extensive measures to meet ever-increasing cybersecurity and fraud threats, security is not only an information services industry problem. These threats are serious for all industries and organizations, and they’re not going away. As such, we continue to collaborate with organizations both in and out of our industry to manage best practices.
Maintaining Compliance
TransUnion is governed by strict regulatory oversight. We’re subject to a number of consumer protection laws in the markets we serve, which cover accuracy, security, data privacy, consumer and third-party access to credit reports, and a dispute process to address errors, among other regulations and requirements. In Hong Kong, this includes the Personal Data (Privacy) Ordinance and the Code of Practice on Consumer Credit Data.