Information Management Structure

Information management guidelines

As listed below, CRD Association has three principles serving as information management guidelines to protect credit information entrusted by members. Based on these principles, CRD assures members that it will perform stringent internal control so on credit information.

  1. CRD Association must understand that credit information is the members' collective and valuable property and that this information must be used in accordance with the purposes and means specified in the CRD Service Provision Agreement among members and the CRD Information Management Policies.
  2. CRD Association must stringently protect and manage members' confidential information obtained through the operation of CRD services or other activities, and should not disclose this information to any third party.
  3. CRD Association must appoint personnel responsible for internal control, and have an organizational structure in place to ensure internal control.

Database operation

The operation of the CRD database is currently outsourced. CRD Association contracts an independent vendor in accordance with the above guidelines and the CRD Information Management Policies. CRD Association allows also for the vendor's record in system operation and its certified qualification in the field of information security.

Data come to CRD from Members and regulation on the Personal Information Protection Law

Data on sole-proprietor SMEs from members, with regards to business enterprise loan, are not subject to the Personal Information Protection Law.

In terms of data come to CRD from members, CRD does not accumulate attribute information which might specify individual identity.

Page Top