As a service provider to the financial services industry for more than 40 years, Broadridge recognizes that information security is a primary concern for our clients—both their own security and that of their preferred providers. Broadridge is sensitive to our clients' security concerns and demonstrates this through our established information security assessment and certification programs. These programs are specifically tailored to our products and services where appropriate.
| Assessments and Certifications Include: | |
|---|---|
| SAS 70 Type II Audited - core products and services are subject to in-depth audits of control objectives and control activities. Audits focus on controls over information technology and related processes. |  |
Sarbanes-Oxley Act (SOX) audited for information security and information technology controls. |
|
Gramm-Leach-Bliley Act Safeguards - adherence to GLBA standards applicable to service providers to financial institutions as determined by client contract requirements. |
|
ISO 9001:2000 - where appropriate, processes and procedures are documented and monitored to ensure effective controls and continual improvement. |
|
ISO 27001:2005 - adherence to the information security management system (ISMS) methodology. |
|
ISO 27001 Certified - design, architecture, development, service delivery and print production for BPS, impact SM, ProxyPlus®, SIS and India operations. Certifications are ongoing for additional businesses and products within Broadridge. |
|
Canadian Institute of Chartered Accountants (CICA) Section 5970 Type II Audited - core Canadian products and services are subject to indepth audit of control objectives and control activities. Audits focus on controls over information technology and related processes. |
|
FFIEC Audited - in-depth annual audit of security and technology controls. |
|
| Payment Card Industry (PCI) Data Security Standard - applicable where Broadridge transmits, processes or stores credit card information. | |