Credit reporting agency Equifax on Wednesday released its security and privacy controls framework to provide a public blueprint to help organizations to build or enhance their own cybersecurity programs.
The framework, released as open-source, provides tools that can be used by businesses large and small to design, build and maintain secure processes, Equifax said.
Equifax Chief Information Security Officer (CISO) Jamil Farshchi said the framework was created as part of the company’s $1.5 billion investment into a security transformation that followed a massive data breach in 2017 that exposed personal data from approximately 147 million people.
In a 2022 post-breach settlement with the FTC, Equifax was ordered to spend $1 billion on data security improvements.
“Over the course of several years, we’ve made unprecedented investments in our cybersecurity, and now, we’re open sourcing our security and privacy controls framework to help other organizations who need it,” said Russ Ayres, Senior Vice President, Security Architecture and Engineering at Equifax.
“The framework we’ve created is comprehensive enough to protect an entire organization and has the specificity to ensure that it can be implemented swiftly and effectively.”
The company said the five core capabilities within the framework — cybersecurity, privacy, fraud prevention, crisis management and physical security — matches the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) and Privacy Framework (NIST PF) and support a comprehensive, defense-in-depth approach to security and privacy.
Farshchi said the newly released framework has served as the basis for nearly every improvement made by Equifax in security and privacy. “It was the mechanism we used to establish our strategic priorities, assess risk across our enterprise, navigate regulatory requirements, and drive progress,” he added.
Related: 143 Million Affected in Hack of U.S. Credit Agency Equifax
Related: Equifax Ordered to Spend $1 Billion on Data Security
