DCV Certifications and Ratings
ISO 27001 STANDARD CERTIFICATION
During the month of November 2019, DCV successfully achieved the ISO 27001 certification for Information Security. This is the principal international standard on this matter and seeks to protect and preserve the confidentiality, integrity and availability of information from a wide range of threats.
What DCV achieves with this certification is to ensure the integrity, reliability and availability of information; implement international standards associated with information security; develop an adequate security policy aligned with the business; and develop, adopt and promote measures to reduce the impact of a security incident.
The certification is valid for three years but is subject to a review each year.
Quality Assessment Certification. Internal Audit.
During November 2017 DCV obtained certification of its internal audit process from the Institute of Internal Auditors of Spain, which is an entity authorized by the Global Institute of Internal Auditors (IIA Global), the world’s highest authority on the matter.
The Quality Assessment (QA) shows the commitment of DCV’s control and compliance management team in connection with the compliance with International Standards for the Professional Practice of Internal Auditing and to continuously improve its quality, professionalism and best practices.
This certification confirms that DCV is a company constantly searching for best practices and standards at a global level.
Thomas Murray A+
In 2014, DCV reengaged Thomas Murray services, a British company specializing in rating the risk of entities that form part of the capital markets’ infrastructure globally, with the purpose of performing an update of the rating carried out in 2011.
The assessment of the global risk performed that year has positioned DCV in a low-risk level by ratifying the A+ rating over the average risk of depositories in America, surpassed only by Brazil in Latin America, and by Canada and the United States in North America.
The measurement considered six risk dimensions, and on this occasion two new ones were added: Asset Commitment Risk and Governance and Transparency Risk (G&T Risk). “Asset Commitment Risk” considers the risk arising from the time during which the securities or the money are withheld until they are received by the counterparty. In turn, “Governance and Transparency Risk (G&T Risk)” reflects the risk of a participant incurring a loss on account of DCV not acting according to the laws or regulations, or not submitting complete or accurate information concerning its activities or the securities market activities.
These two new assessments have affected the global results of the Company, so maintaining the A+ rating obtained in 2011 has resulted in significant progress for DCV.
The assessment implies a global revision of DCV processes, projects and environment, including controlling entities and participants, who through interviews, provide information for the global assessment.
Certification to ISO 22301
During September 2016, DCV successfully achieved globally recognized certification in the ISO 22301:2012 standard “Corporate security – Business continuity management systems – Requirements”, held by the British Standards Institution (BSI).
ISO 22301 is an international standard for business continuity management that identifies the fundamentals and establishes the process, principles and terminology of business continuity management. It provides a basis for the understanding, development and implementation of business continuity within your organization.
This certification confirms globally that DCV is a company, which besides its experience, is able to respond quickly and effectively when facing a threat of unexpected and potentially devastating interruption of its operations, protects its business and reputation, and preserves the interests of its stakeholders.
Certificate of Adoption and Implementation of the Crime Prevention Model
On February 23, 2018, after a continuous process of monitoring and testing, BH Compliance Limitada once again certified that the Central Depository of Securities and DCV Registries have a Crime Prevention Model implemented according to the requirements of Law 20,393, in relation to their situation, size, turnover, income level and complexity.
The certification states that the crime prevention model adopted and implemented by the company has in all material respects the elements listed in the law, according to the specific needs of said company and that it is known to all the organization.
The Certification carried out by BH Compliance gives directors a history of fulfilling their supervision duties for the SVS, shareholders and the Public Prosecutor, thus reducing the risk of fines and public exposure.
Certification to BS 25999
In October 2013, DCV successfully completed the certification process in BS 25999, awarded by BSI Group, one of the leading certification bodies in the world, validating DCV's commitment to the implementation of international best practices in a process based on continuous improvement.
Business continuity is one of the strategic pillars of DCV, and under it a Business Continuity Management System (BCMS) was designed under the British standard BS 25999, which provides a plan of good management practices and preventive solutions to unexpected interruptions that could affect the operation of the company, such as a loss of energy, severe weather conditions, epidemics or political instability.
This achievement is certainly a differentiator to CSDs and confirms that services are delivered to the market under the highest standards and measures to ensure its continuity.
About BSI Group
British Standards Institution (BSI Group) is the national standards body of the UK, recognized globally for its independence, integrity and innovation in the creation of standards that promote best practices in continuity. BSI Group provides independent certification of management systems, as well as providing certification through training: www.bsigroup.com
Since 2009, DCV has successfully completed this report, which has been prepared and evaluated by an external auditing firm (Ernst & Young). SSAE-16 is the acronym for Statement on Accounting Standards Nº70, which was developed and is maintained by AICPA (American Institute of Certified Public Accountants).
SSAE-16 is an independent report on the internal control structure of the organization that provides services to third parties, especially those affecting the internal control structure of the user organization.
DCV and DCVR issue the TYPE II report that certifies the controls implemented and the tests on the operational efficiency of said controls. The controls are tested for a specific period, no less than 6 months, with which it is possible to conclude with reasonable certainty whether or not these have worked during that period of time.
The benefits this report brings to DCV are:
- Provides an independent evaluation of the organization’s control procedures.
- Provides the organization a level of “reasonable certainty” of the integrity of the controls established in the different business processes and systems.
- Minimizes the number of audits on “internal controls” of the service organization requested by the different clients and auditing firms thereof.
- Identifies the more critical processes.
- Permits the demonstration of an adequate control environment and the seriousness of the organization.
- Permits being on the cutting edge of compliance with the international standards.
The processes evaluated in this report are, among others:
Custody of securities, withdrawal of securities, administration of capital events, transfer of securities, customer service desk (MAC), central registry of issuers, limit controls, collection of SADE remunerations, F.L.I; deposit and withdrawal of equity securities.
Transfer of shares, share maintenance, administration of securities, issuer administration, share inquiries, generation and payment of dividends, corporate events.
(General coordination of information technologies)
Organization and administration, development and maintenance, infrastructure change control, change control, physical access control, and environmental controls, logical access control, exploitation and support.
In 2011, the audit and IT areas of DCV adhere to this certification in order to provide added value to the processes; a certification that grants more value to the business through the development and improvement of the processes, and thus, improve the quality of the services, availability, among others, in order to provide increased client satisfaction.
The ITIL (Information Technology Infrastructure Library) is a group of concepts and practices for the administration of information technology services, the development and operations related to the same. The ITIL provides detailed descriptions of an extensive group of operational procedures designed to help organizations achieve quality and efficiency in IT operations. These procedures are independent of the supplier and have been developed to serve as guidelines covering the whole IT infrastructure, development and operations.
To DCV, the ITIL is a guideline that has served as part of the incident resolution process, helping detect and deliver lasting solutions, contributing to the generation of value for the business in the management of IT.
The certifications of DCV personnel in the ITIL are: ITIL Version 3 Foundation, ITIL Version 3 Intermediate; Operational and Support Analysis.
At DCV we have seven professionals certified in two areas: Auditing (3) and Technology (4).
The ITIL is a continuous process, so a new course with certification has been scheduled for 20 more people, covering 100% of the Technology personnel and 6 people from the risk area.
In 2011, DCV adheres to this certification in order to provide support to the requirements and processes of IT businesses.
DCV is aware of the benefits of information technology, and it understands and administrates the associated risks, such as the increase in regulatory requirements, as well as the critical dependence of many business processes on IT.
The results and improvements that this certification has for DCV are the good practices for the control of the information, IT and the risks involved. COBIT is used to implement the administration and improve the IT controls. It contains control objectives, assurance guidelines, performance and results measures, critical success factors and maturity models with emphasis on strategic alignment, delivery of value, administration of resources, administration of risk and performance measurement.
In 2009 the Information Systems Audit and Control Association (ISACA) certifies DCV’s internal audit team, obtaining a CISA (Certified Information Systems Auditor) certification. This certification distinguishes the internal audit team as professionals with proven training in audit, control and information systems security, in conformity with standards and guidelines that are accepted worldwide, allowing us to make sure that the IT of the companies and the business systems are controlled, monitored and assessed properly and efficiently.
This certification is based on an international standard, accredited by the American National Standards Institute (ANSI) and approved by the Department of Defense of the United States (DoD) in the category of Technical Information Assurance (DoD 8570.01-M).
During 2016, internal audit staff (3) obtained the certification to evaluate with respect to this standard that provides the generic principles and guidelines on risk management.