Equifax Helping To Secure Tech Ecosystem by Publishing its Controls Framework
EQUIFAX REMAINS COMMITTED TO FURTHERING TRANSPARENCY IN CYBERSECURITY. To support this commitment, we made our security and privacy controls framework public in May 2023.
Security controls frameworks give security and privacy teams at organizations of all sizes the tools to design, build and maintain secure processes. Many small businesses currently lack a framework due to the time, effort and expertise it requires. Delivering on our commitment, Equifax is sharing our blueprint so smaller organizations don’t have to start from scratch.
Since the framework’s release, data shows it has been accessed by 5.2K users across 90 countries, including security professionals at companies ranging from Fortune 500 companies to technology startups and small nonprofits.
Many users cross-referenced our framework against their existing ones, pinpointing areas where they can augment their programs with some of the controls we use in ours. Based on users’ feedback, we’re now also in the process of mapping controls in our framework to an even broader set of global standards, so it more easily complements all types of companies’ existing approaches to security governance.
The framework enables organizations to:
Identify: Find risks and determine the severity
Protect: Ensure assets are prepared for potential attackers
Detect: Discover system vulnerabilities
Respond: When a vulnerability is found, act on it
Recover: Assess what happened to help prevent future incidents
The Equifax security and privacy controls framework can be found on controlsframework.equifax.com. It includes a step-by-step guide, as well as filters to help security teams sort applicable controls for their specific needs. The information can easily be viewed online, or downloaded into common file formats for customization into each company's unique controls and technical requirements.
For more information about cybersecurity at Equifax, check out the company’s 2022 Security Annual Report.