CRX Markets is dedicated to establish and implement an Information Security Management System which is in compliance with the international standard ISO/IEC 27001:2022 (information security, cybersecurity and privacy protection). This shall, among others, ensure the continuous and permanent maintenance of confidentially, integrity, and availability of information assets.
We have identified the following (non-exclusive) information assets that are subject to protection:
• Information obtained from our customers during the provision of our services
• Information obtained from our business partners, vendors and suppliers
• Information owned by CRX Markets AG
• All other dependency assets necessary for us to process information and data required to provide services to our customers.
In light of the above, the CRX Markets’ Information Security Policy requires the following:
With regards to the information obtained and accessed during the implementation of the process of delivery of our services, we take measures to:
• ensure its protection from unauthorized access
• maintain its confidentiality
• ensure that information is not disclosed to unauthorized persons
• preserve its integrity through protection against unauthorised modification, and
• guarantee its continuous availability to authorised persons
We strive to meet consistently our contractual, legal, and regulatory requirements, with particular focus on maintaining the confidentiality of personal data, customer information, business secrets or other critical customer data.
We have implemented comprehensive information security awareness programs for all relevant employees and – where applicable – other CRX Markets stakeholders.
We have ensured that there are processes in place to report, investigate and promptly respond to any suspected information security breaches.
We have (1) identified the value of information assets through an appropriate risk assessment (2) understand the vulnerabilities and threats to which the information assets may be exposed and (3) manage high-level risks to reduce such vulnerabilities and threats to acceptable levels through the design, implementation and maintenance of risk mitigation controls.
Our business continuity plans is regularly maintained, tested and updated accordingly.
To provide assurance to the relevant stakeholders, we are guided by the specifications of ISO/IEC27001 (information security, cybersecurity and privacy protection) and we seek for compliance in the long term.
We are in compliance with the supervisory requirements for IT in financial institutions (BAIT, Bankaufsichtliche Anforderungen and die IT) to the extent applicable to us.
We are in compliance with the minimum requirements for risk management – (MaRisk, Mindestanforderungen an das Risikomanagement) to the extent applicable to us.
We seek for continuous improvement of our ISMS (Information Security System).