Maintaining a Safe, Secure Marketplace
Business Continuity Planning / Disaster Recovery
Testing and Audit
ICE Internal Audit and Information Security Assurance regularly conducts tests utilizing various methods to verify compliance with written polices and to assess vulnerabilities. In addition, ICE teams support examinations from multiple regulatory bodies, and commission independent penetration tests.
A rigorous Service Organization Control (SOC) audit is performed annually to produce independent verification and testing of ICE controls for external parties and auditors that rely on ICE. The scope of this report is evaluated each year and tailored in response to customer feedback and business developments. The report is available to requesting participants and covered by the confidentiality provisions of the Participant Agreement. Potential customers not bound by the Participant Agreement must obtain a separate NDA to receive the report. To request reports send an email request to [email protected].
Inquiries Into Information Security Program
Due to the number of requests received from regulators, members, customers of subsidiaries, and other stakeholders, ICE does not respond to individual inquiries or questionnaires from customers regarding the security of ICE systems. Further, to protect the security and integrity of ICE environments, it is company policy that we do not share information related to internal policies and procedures with third parties. We understand that our customers, as part of their internal vendor management procedures, request information related to security process and posture from their vendors from time to time. As such, ICE shares SOC reports with our customers that independently validate our internal information security controls. To obtain a report, please send a request to the email specified in the preceding section of this page.
For questions about this procedure please contact the ICE Information Security, Governance, Risk, and Compliance team via your account representative.