Information Security

ISO 27001 Certification

Our entire information security programme is certified under the ISO 27001 framework, which is widely recognised as the gold standard for information security management systems (ISMS). This certification confirms that we have implemented comprehensive policies, processes and controls to protect sensitive data, effectively manage security risks and maintain a high level of cybersecurity.

CRX Markets is committed to establishing and implementing an information security management system that meets the international standard ISO/IEC 27001:2022 (information security, cybersecurity and data protection). Among other things, this is intended to ensure the continuous and lasting maintenance of the confidentiality, integrity and availability of information assets.

We have identified the following (non-exhaustive) information assets that must be protected:

  • Information we receive from our customers during the provision of our services
  • Information we receive from our business partners, vendors and suppliers
  • Information held by CRX Markets AG
  • All other dependency assets necessary to process information and data required to provide our services to our customers.


In view of the above, the information security policy of CRX Markets requires the following:

With regard to the information received and accessed during the process of providing our services, we take measures to:

  • protect it against unauthorized access
  • preserve its confidentiality
  • ensure that information is not disclosed to unauthorized persons
  • preserve its integrity by protecting against unauthorized modification, and
  • ensure its continuous availability to authorized persons

  • We strive to consistently meet our contractual, legal and regulatory requirements, with a particular focus on preserving the confidentiality of personal data, customer information, trade secrets or other critical customer data.
  • We have ensured that processes are in place to report, investigate and promptly respond to suspected information security breaches.
  • We have:
    1. identified the value of the information assets through an appropriate risk assessment;
    2. understood the vulnerabilities and threats to which the information assets could be exposed; and
    3. reduced high risks to an acceptable level through the design, implementation and maintenance of risk mitigation measures.
  • Our business continuity plans are regularly maintained, tested, and updated as needed.
  • To provide assurance to relevant stakeholders, we adhere to the specifications of ISO/IEC 27001 (information security, cybersecurity, and data protection) and strive for long-term compliance.
  • We meet the regulatory requirements for IT in financial institutions (BAIT, Banking Supervisory Requirements for IT) to the extent that they apply to us.
  • We comply with the minimum requirements for risk management (MaRisk, Minimum Requirements for Risk Management) to the extent that they apply to us.
  • We strive for continuous improvement of our ISMS (Information Security Management System).