Data security and stewardship is vital to consumer protection and enabling trust. At TransUnion, we continually invest in improvements to protect the data we hold on behalf of consumers and businesses.
To maintain a comprehensive information security program consistent to our size and complexity, we secure and protect the information entrusted to us by building, monitoring and defending security ecosystem built on a foundation of compliance and accountability. We proactively manage our programs and continuously invest to secure the data we hold on behalf of consumers and businesses.
The priorities of TransUnion’s information security program are:
TransUnion is committed to aligning with industry-leading, cyber risk management best practices, and complying with all legal and regulatory requirements. Our information security program is fundamentally based on ISO\IEC 27001:2013; it includes a global-level Information Security Department that develops the company’s security policies, standards and procedures. This department centrally administers security on the major corporate platforms, and oversees the administration of other systems and platforms. Additionally, TransUnion maintains several information security certifications annually, including Payment Card Industry (PCI), SSAE 18 SOC II Type II and ISO 27001.
To maintain certifications and align with best practices, we conduct regular cybersecurity-related audits and assessments both internally and externally. Our internal and external independent security audits and assessments are conducted at least annually. Continuously and successfully completing these industry certifications demonstrates TransUnion’s commitment to security and adherence to industry expected benchmarks.