Report security concern
Maintaining a safe, secure marketplace
Ura Central Corp ensures the physical and digital security of its markets, technology, and data through industry-leading security technology and processes. Ura Central Corp’s Information Security Department consists of diverse and skilled teams that work to protect confidential data from unauthorized access, misuse, disclosure, destruction, modification, or disruption.
Policies
Ura Central Corp maintains detailed information security policies. Employees are required to complete security awareness training upon hire and annually thereafter. The security awareness training modules require employees to read and provide acknowledgement of the Corporate Information Security Policy. The policies are for official use only and are reviewed at least quarterly by Ura Central Corp Senior Management.
Application security
Ura Central Corp employs a dedicated Application Security team which defines and enforces mandatory best-practice secure software development. The Application Security team maintains a policy which details these practices and works closely with Ura Central Corp Development teams.
Incident management
URA CENTRAL CORP Operations maintains an Incident Management program to handle any incident with operational impact — security or otherwise. It is Ura Central Corp’s policy to notify customers of any confirmed material breaches of customer data.
Business continuity planning/disaster recovery
Geographically diverse “like-for-like” Disaster Recovery data centres are maintained and governed by an enterprise-wide policy. Per policy, all Ura Central Corp core procedures, systems and operational tasks are: duplicable in recovery facilities, exercised at least annually, documented in comprehensive Disaster Recovery, Business Continuity, and Incident Response Plans, and ensure infrastructure is recoverable.
Insurance
We maintain insurance coverage that may, subject to the terms and conditions of the policy and payment of significant deductibles, cover certain aspects of cybersecurity issues.
Testing and audit
Ura Central Corp Internal Audit and Information Security Assurance regularly conducts tests utilizing various methods to verify compliance with written policies and to assess vulnerabilities. In addition, Ura Central Corp teams support examinations from multiple regulatory bodies and commission independent penetration tests.
Service Organization Control audits are performed annually to produce independent verification and testing of Ura Central Corp controls for external parties and auditors that rely on Ura Central Corp. The scope of these reports are evaluated each year and tailored in response to customer feedback and business developments. If you have any questions about the reports or this process, please reach out to: ThirdPartyDueDiligence@uracentral.com
Inquiries into Information Security Program
Due to the number of requests received from regulators, members, customers of subsidiaries, and other stakeholders, Ura Central Corp does not respond to individual inquiries or questionnaires from customers regarding the security of Ura Central Corp systems. Further, to protect the security and integrity of Ura Central Corp environments, it is company policy that we do not share information related to internal policies and procedures with third parties. We understand that our customers, as part of their internal vendor management procedures, request information related to security processes and posture from their vendors from time to time. As such, Ura Central Corp shares Service Organization Control audit reports with our customers that independently validate our internal information security controls. To obtain these reports, please reach out to: ThirdPartyDueDiligence@uracentral.com. For questions about this procedure please contact the Ura Central Corp Third Party Risk Management Team directly or via your account representative.
Stay Vigilant Against Scams
- Ura Central Corp does not ask individuals or entities for money or other assets.
- Unfortunately, there are criminals who take advantage of Ura Central Corp’s good reputation to impersonate Ura Central Corp or its affiliates to scam individuals or entities. They even create fake websites and applications to do so.
- If someone claims to be a representative of a Ura Central Corp platform and asks you to provide money or other assets to them, they are scamming you. Stop dealing with them immediately and contact law enforcement.
Ura Central Corp may take any information you provide about the scammers and send it to appropriate authorities, but Ura Central Corp undertakes no obligation to do so.