As listed below, CRD Association has three principles serving as information management guidelines to protect credit information entrusted by members. Based on these principles, CRD assures members that it will perform stringent internal control so on credit information.
The operation of the CRD database is currently outsourced. CRD Association contracts an independent vendor in accordance with the above guidelines and the CRD Information Management Policies. CRD Association allows also for the vendor's record in system operation and its certified qualification in the field of information security.
Data on sole-proprietor SMEs from members, with regards to business enterprise loan, are not subject to the Personal Information Protection Law.
In terms of data come to CRD from members, CRD does not accumulate attribute information which might specify individual identity.