ICE Internal Audit and Information Security Assurance regularly conducts tests utilizing various methods to verify compliance with written polices and to assess vulnerabilities. In addition, ICE teams support examinations from multiple regulatory bodies, and commission independent penetration tests.
Service Organization Control (SOC) audits (both SOC1 and SOC2 reports issued across various product offerings) are performed annually to produce independent verification and testing of ICE controls for external parties and auditors that rely on ICE. The scope of these reports are evaluated each year and tailored in response to customer feedback and business developments. These reports are available to any customer via the TPRM Portal here: https://ice.safebase.us
Due to the number of requests received from regulators, members, customers of subsidiaries, and other stakeholders, ICE does not respond to individual inquiries or questionnaires from customers regarding the security of ICE systems. Further, to protect the security and integrity of ICE environments, it is company policy that we do not share information related to internal policies and procedures with third parties. We understand that our customers, as part of their internal vendor management procedures, request information related to security process and posture from their vendors from time to time. As such, ICE shares SOC reports with our customers that independently validate our internal information security controls. To obtain these reports, please visit: https://ice.safebase.us