Equifax Makes Security and Privacy Controls Framework Available to the Public
Initiative is Part of Company’s Ongoing Commitment to Furthering Transparency in Cybersecurity
TORONTO, MAY 9, 2023 – Equifax® (NYSE: EFX) is furthering its commitment to transparency in cybersecurity by making its security and privacy controls framework public for the benefit of security and privacy teams at organizations of all sizes. By enabling the larger technology ecosystem with the tools to design, build and maintain secure processes, Equifax is helping empower companies to set a cybersecurity and privacy posture that is more adaptable to evolving threats.
“Over the course of several years, we’ve made unprecedented investments in our cybersecurity, and now, we’re open sourcing our security and privacy controls framework to help other organizations who need it,” said Russ Ayres, Senior Vice President, Security Architecture and Engineering of Equifax. “The framework we’ve created is comprehensive enough to protect an entire organization and has the specificity to ensure that it can be implemented swiftly and effectively.”
Five core capabilities — cybersecurity, privacy, fraud prevention, crisis management and physical security — are represented in Equifax's unified security and privacy controls framework. Equifax selected the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) and Privacy Framework (NIST PF) as the foundation for its security and privacy controls because these guidelines support a comprehensive, defense-in-depth approach to security and privacy. Their flexible, risk-based structure can also be tailored to meet a company's specific needs.
“This framework is the foundation of our strength in cybersecurity,” said Jamil Farshchi, Executive Vice President and Chief Information Security Officer of Equifax. “It has served as the basis for nearly every improvement we made in security and privacy and it was the mechanism we used to establish our strategic priorities, assess risk across our enterprise, navigate regulatory requirements, and drive progress. Our hope is that others will leverage this blueprint to help build or enhance their own cybersecurity programs.”
The Equifax security and privacy controls framework can be found on controlsframework.equifax.com. Equifax is among the few, if any, public companies that have made their security and privacy controls framework available to the public. For more information about cybersecurity at Equifax, check out the company’s 2022 Security Annual Report.
ABOUT EQUIFAX INC.
At Equifax (NYSE: EFX), we believe knowledge drives progress. As a global data, analytics, and technology company, we play an essential role in the global economy by helping financial institutions, companies, employers, and government agencies make critical decisions with greater confidence. Our unique blend of differentiated data, analytics, and cloud technology drives insights to power decisions to move people forward. Headquartered in Atlanta and supported by nearly 14,000 employees worldwide, Equifax operates or has investments in 24 countries in North America, Central and South America, Europe, and the Asia Pacific region. For more information, visit Equifax.com.