Information security is a vital prerequisite for any firm that wishes to interact with the capital markets. Industry firms must exchange large quantities of highly sensitive information and signal stability to their clients and counterparties.

The requirements are numerous, and the increasing need to operate in multiple asset classes or jurisdictions compounds the problem.

At Itiviti, a Broadridge business, we understand that these considerations are fundamental. That’s why we are pleased to announce that a few weeks ago, following an extensive audit, Itiviti’s Information Security Management System (ISMS) Program has been awarded the ISO/IEC 27001:2013 certification for the fourth consecutive year. 

Adherence to globally recognized standards for reliability and confidentiality is one of our top priorities, and it is our hope that this recognition will raise awareness of our market-leading position in these areas.

“Our ISMS Program encompasses our entire operations globally, from the managed infrastructure where client data is housed to our internal corporate network.“

Omar McKenzie

A culture of security

Our ISMS Program covers a range of functions – information security, network security and data protection services, as well as our risk and governance committee. It encompasses our entire operations globally, from the managed infrastructure where client data is housed to our internal corporate network. 

Regular infrastructure review and improvements

From top to bottom, we strive to maintain a culture of security, with the full support of our management and board of directors and a dedicated budget for infrastructure improvements.

We perform quarterly reviews and make continuous updates to ensure any vulnerabilities are identified and resolved as quickly as possible.

Upholding best practices for clients

While vendors are not required to maintain such a robust security operation, we have identified it as one of our most crucial best practices.

Our clients are among the most regulated firms in the world, with numerous security and compliance burdens across a wide range of jurisdictions, and we want them to see that we have received a vote of confidence from a respected standard. We understand what it means to go through an audit and answer tough questions about our infrastructure, and that puts us in an ideal position to help our clients meet the very same challenges with confidence and efficiency.

“We strive to maintain a culture of security, with the full support of our management, board of directors, and a dedicated budget for infrastructure improvements.“

Omar McKenzie

High resiliency and continuity at all times

While the ISO/IEC certification lasts for three years, it involves an annual surveillance audit as part of its ongoing oversight. Receiving our fourth consecutive certification means we just started our second three-year cycle, which marks a significant milestone for our ISMS team.

Passing the audit once is validation in itself, but doing so multiple times is evidence of a sustained effort and commitment to maintain robust security protocols on an enterprise level.

Beyond demonstrating a general commitment to security, the onset of the COVID-19 pandemic thrust our ISO/IEC audit into the spotlight. The implementation of our business continuity plan occurred seamlessly in part because we were asked to sort it out two years ahead to receive our initial certification. While we had always been attuned to potential disruption, the need to refine our process, secure the necessary approvals and put it all in writing meant we were ready to go from the moment the lockdowns began.

Proven infrastructure and operations during COVID-19

March 2020 was a true all-hands-on-deck moment – we needed every single employee working to help our clients navigate a rapidly changing world.

The necessary security adjustments were minimal – devices that our people brought home were already prepped for remote use, so they were fully secure regardless of the user’s home network. On the client side, our multiple data centers were managed remotely and tested continuously, minimizing disruption.

While we worked to increase bandwidth on the back end, all products and services remained fully functional throughout this shift. This was critical as our clients were forced to navigate not just new work environments, but also highly volatile markets.

Proven infrastructure and operations, settling 6 million new orders a day in highly volatile times.

“On the client side, our multiple data centers were managed remotely and tested continuously, minimizing disruption [...] This was critical as our clients were forced to navigate new work environments and highly volatile markets.“

Omar McKenzie

Staying Ahead and Ongoing Innovations

Keep up with global information security standards

Having a global customer base means accounting for diverse needs, and we are no exception. At Itiviti, our ISMS team is in constant improvement mode, actively monitoring relevant information security standards around the globe. These include GDPR in the EU, Hong Kong's (HK) Securities and Futures Commission (SFC), Monetary Authority of Singapore (MAS), UK Financial Conduct Authority (FCA), and the US  Financial Industry Regulatory Authority (FINRA), among others.

In recent years, we have streamlined our client due diligence process and act on client audit requests quickly and efficiently. We perform as many as 250 of these audits a year, so efficiencies in this area make a real difference. We have also implemented a Security Operations Center (SOC) to serve as the eyes and ears of our network on a 24/7 basis, serving as an additional line of defense to complement our global monitoring team.

New initiatives to support future growth

Now part of the larger Broadridge family, the added scale has spurred the team to take a closer look at the legal dynamics between the US and the EU in terms of exporting data. It has also prioritized data encryption. While Itiviti does not process or store  personally identifiable information, some of our clients have alerted us that they would prefer some amount of encryption, and we are making progress in this area.

Looking ahead, there is still much fertile ground for innovation. We are actively working to make our SOC group  more proactive by providing them with the necessary resources to perform threat hunting and searching for and remediating vulnerabilities throughout our ecosystem. We also strive to stay on top of all manner of threats, and to that end constantly train our people and systems to respond to new forms of ransomware and phishing, even training them in lab environments.

Overall, every division of Itiviti is working to support the firm’s growth ambitions, and the ISMS team is no exception. This is especially important as new players with a strong grasp of security, including crypto firms, private equity firms and hedge funds, continue to enter the space. The information security landscape is ever-changing, and we stand ready to support our business and our clients through adaptation, expertise and constant improvement.

“The information security landscape is ever-changing, and we stand ready to support our business and our clients through adaptation, expertise and constant improvement.“

Omar McKenzie

Read more

Thumbnail website 2021 ISO

Itiviti Information Security

Itiviti’s ISMS Program awarded the ISO/IEC 27001:2013 certification for the fourth consecutive year. 

Read more
Thumbnail website 2021 interview diversity

Diversity and inclusion will remain a key focus

Ray Tierney, who became Itiviti’s president in June 2021, brings more than 35 years of capital markets experience...

Read more
Taking the baton, and running with it

Taking the baton, and running with it

Ray Tierney, newly appointed President of Itiviti talks to Markets Media Group’s chief editor Terry Flanagan about his vision...

Read more
01 Thumbnails website 2021 MCA award

Best OEMS in Markets Choice Awards 2021

Itiviti won Best Order and Execution Management System (OEMS) from the prestigious 2021 Markets Choice Awards. Organized by...

Read more
01 Thumbnails website 2021 linda award

Linda Middleditch - Gender equality/diversity professional of the year

Linda Middleditch, chief of product strategy and engineering at Itiviti, wins this year’s gender equality/diversity professional of the...

Read more
Thumbnails website 2021 LME

Outstanding Technology Provider in Trading Editor’s Choice Awards

Itiviti continues to garner industry recognition for trading technology innovation by being named “Outstanding Technology Provider” at the...

Read more
Evolution Innovation 2

Itiviti’s Blueprint for Success - Investing in People and Products

Itiviti won the best low-latency trading network category in last year’s Buy-Side Technology Awards. On the back of...

Read more
Rob FOW interview thumbnail

A growing demand for modern technology

Itiviti has won the Equity Trading Solution of the Year for its Sell-Side Order Management System in the...

Read more
01 Thumbnails website 2020 happy holidays

Happy holidays by Itiviti

Itiviti wishes you a happy holiday and a better 2021.

Read more
Omar round 2

Written by

Omar McKenzie

Head of Security & Compliance Services, Itiviti, a Broadridge Business

Share this insight