We use cookies to ensure that we give you the best experience on our website. By using this website, you agree to this use. More information
TEST - Environment - TEST
Search...

Content of the website of Central Securities Depository Prague

The entire content of the website of Centrální depozitář cenných papírů, a.s. (the “Central Depository”, http://www.centraldepository.cz/, http://www.centralnidepozitar.cz/, http://www.cdcp.cz/) serves for information purposes only. The content of the website was obtained from resources which the Central Depository considers reliable; however, the Central Depository is not responsible for the correctness, completeness and validity of the content.

The content of the website is updated and modified on a continuous basis. The Central Depository reserves the right to modify or remove any part of the website content without prior notice.

Copyright

It is forbidden to make use of the website of the Central Depository or any part thereof otherwise than for one’s own needs, particularly to further publish, copy, process, modify or reproduce the content hereof. It is furthermore forbidden to make any intervention in the technical or material character of the website. Use for other than one’s own need constitutes an unauthorized infringement on the rights of the Central Depository and may also infringe the rights of third parties whose information is presented in the website.

Responsibilities and Warranties

The Central Depository does not assume any responsibility for the correctness, completeness and validity of the content of this website. Furthermore, the Central Depository is not responsible for any direct or indirect damage incurred from the connection to and use of the website of the Central Depository or any damage incurred as a consequence of the partial and/or full non-functionality hereof.

The Central Depository does not warrant the ability to connect to or the proper functioning of the website, or any direct or indirect damage incurred from the inability to connect to this website and/or make use of the content hereof.

The Central Depository is not responsible for the content of the websites available through the Central Depository’s website, or for any liabilities of the persons offering, providing or intermediating the services of such websites. The Central Depository is not responsible for the content of the websites from which it is possible to connect to the Central Depository’s website, or for any liabilities of the persons offering, providing or intermediating the services of such websites.

Approach to the protection of processed information

Central Securities Depository Europe („CSD“) consider the protection of processed information as its priority. PSE takes the protection of its information as well as its client’s information as a set of defined and strictly managed rules which target is to protect all important immaterial assets.

The aforementioned companies consider the protection of information processed in the IS of the CSD an important component of activities carried out by all users of the system and pay appropriate attention to it. The directors and officers are in accordance with the scope of their authorities ready to enforce the objectives, principles and rules set forth herein and to follow them in order to make sure that information security of the CSD complies with relevant legal regulations, decisions made by surveillance authorities, binding methodologies issued by market regulators and business needs of the CSD.

The methodical basis for information security solutions are the CSN ISO/IEC 27000 series standards (hereinafter referred to as „standards“).

The protection of all own and entrusted information is secured by proprietary „Information Security Management Systém“ („ISMS“).

CSD’s ISMS Applicability

The applicability of the CSD’s ISMS is determined by the purpose and scope of the CSD’s IS, its architecture, and composition. It includes all assets regardless of their type. The management of the CSD is responsible for the whole CSD’s IS and thus for the security of information that the CSD’s IS handles.

The CSD’s ISMS represents an implementation of security and functionality requirements set forth in the standards. The principles and rules of information security specified in the basic security documentation of the ISMS are binding for the whole CSD’s IS.

The CSD’s ISMS applies to all the parts of the organization structures of the CSD’s companies and to all users of the CSD’s IS (regardless of their position within the organizational structure of the particular CSD member) coming into contact with the information in the CSD’s IS, including external users that are handling information in the CSD’s IS. The CSD’s ISMS also applies to all premises of the CSD and premises of the back-up (disaster recovery) office.

The Information Security Management System covers all processes and measures related to the protection of processed information and its storage sites and to the overall security of the CSD’s IS operation. The ISMS contains security elements and measures protecting the confidentiality, integrity, authenticity and accessibility for both automated and non-automated information processing in all areas of CSD’s activities. The ISMS provides security functions of the CSD’s IS and specifies security rules for all users of the CSD’s IS.

Information Security Objectives

The main security objective is:

  • to ensure permanent and efficient security of the CSD’s IS and the information it processes concerning the protection of its accessibility, confidentiality and integrity and thus to ensure the indisputability of selected operations with the information and elements of the said IS,
  • to reduce threats and vulnerabilities to an acceptable level and subsequently also minimize the risks,
  • to eliminate or at least to reduce to an acceptable level all potential risks endangering the IS through using suitable measures,
  • to ensure that the potential damage concerning both the CSD’s IS and other related tangible and intangible assets of the CSD members is minimized,
  • to reach the required level of responsibility of the employees of individual CSD members,
  • to meet the basic objectives of the IS security in any situation and under any conditions of the CSD’s IS servicing its purpose.
  • Basic Security Rules

The basic rules of information security within the CSD’s IS are as follows:

  • An access to the IS information and services is provided only in the scope necessary for the completion of the assigned work (i.e. “need to know” principle).
  • Every person (subject) authorized to access the CSD’s IS has defined rights and responsibilities.
  • Protected information is subject to relevant confidentiality, integrity, accessibility, and undeniable responsibility.
  • Access to CSD’s information and IS services is managed and monitored.
  • Preventive security precautions, including operations-continuity plans are preferred to a consequential elimination of undesirable consequences.
  • All users of the CSD’s IS are held responsible for protection of information and observance of security rules and principles.
  • Security requirements are applied and implemented in all phases of CSD’s IS development and operation.
  • Users’ training and education in security is one of the tools helping to prevent the occurrence of undesirable events.
  • Employees CSD key positions in the area of the CSD’s IS development and administration are sufficiently replaceable.
  • Any breach of security policies triggers relevant consequences.
  • The principle of “clear monitor screen” is reasonably applied within the access management.

Basic Principles of CSD’s ISMS

The intention of the CSD’s governing body is to manage the security of the CSD’s IS in compliance with the requirements of standards, to coordinate the implementation of security measures in accordance with the scope of activities and responsibilities of individual managers and also pursuant to the below-specified principles stemming from the practical application of recommendations specified in standards.

The principles underlying the CSD’s ISMS are as follows:

  • Principle of Responsibility – the enforcement of set principles, rules, and processes related to information security is always connected with individual responsibility of specific persons.
  • Principle of Integration – information security policy is enforced by the comprehensive management system which integrates and coordinates activities carried out by all involved internal departments of CSD members and concerned external subjects.
  • Principle of Compliance – all established principles, rules and operating processes are in compliance with legislation of the Czech Republic, with all contractual arrangements and with the requirements of standards.
  • Principle of Awareness – all the users and all subjects with an access in/to the CSD’s IS must be appropriately familiarized with the valid principles and rules of CSD’s IS security and must be able to adequately apply the specified security measures.
  • Principle of Verification – the implementation and observance of the information security principles, rules and procedures must be regularly inspected. Any deficiencies must be documented and corrected as specified.
  • Principle of Continuity – the measures adopted in order to ensure information security must be applied continuously within the whole range of the CSD’s ISMS.
  • Principle of Formalization – information security management must follow the unambiguously defined and described procedures. The integral part of the ISMS management also involves the tools of inspection and independent audit, which thoroughly verify the degree and quality of the adopted measures implementation.
  • Principle of Efficiency and Proportionality – the information security is based on security measures ensuring maximum efficiency with minimum consumption of all resources. The measures are chosen in such a way to correspond with the value of protected assets and to reflect the real security needs of the CSD’s IS.
  • Principle of Best Practices – the specified procedures and security measures are applied based on proven best practices recommended by the standards.
  • Principle of Continuous Development – CSD’s ISMS counts on the continuous development of the CSD’s IS, the improving quality of its services and at the same time on the persistent enhancement of CSD’s IS security.