Equifax is committed to being an industry leader in security. That's why, since 2018, we have invested an additional $1.5 billion in our security and cloud technology transformation. Today, we are a new Equifax. Our culture prioritizes security, and we have overhauled our security controls, completed rigorous certifications of our program, and shared lessons learned with our customers and partners. Security is embedded into everything we do. To learn more about security at Equifax, read our 2020 Security Annual Report.  


At Equifax, security is built into the DNA of our company. We continuously reinforce our culture of security by ensuring that all employees understand how they contribute to protecting data and systems and treat security as a personal priority.
Tone at the Top
The Equifax Board of Directors and senior leaders have established a strong “tone at the top” in support of security. The Equifax Board is actively engaged in oversight of our security program and includes Directors with relevant expertise. Additionally, security reviews are integrated in our acquisition and capital allocation processes.
Aligned Incentives
Beginning in 2018, all bonus-eligible employees have a security performance measure included in the calculation of their annual incentive compensation. This change reinforces our culture by aligning our bonus-eligible employees’ incentives with progress against our security program goals.
Shared Responsibility
Our Board of Directors, leaders, and employees receive security training at least annually. Our customized training program includes role-based training, ongoing campaigns to combat phishing, and customized feedback to aid learning. Tabletop exercises ensure that leaders and team members are ready to respond effectively in the event of a crisis.


We employ a defense-in-depth approach with multiple layers of controls designed to prevent or limit the success of an attack. Our controls work in concert – no control is viewed in isolation.
Built In, Not Bolted On
Security is embedded in our development cycles. Tools and processes like security advisements, automatic code scanning, and penetration testing are integrated into our development pipeline and improve the security of the data, systems, and products that our consumers and customers use.
Controlled Access
By controlling access to our data environments, we provide the right access to the right people at the right time. During our transformation, we expanded multi-factor authentication (MFA) and vaulted privileged, administrative, and service accounts, while increasing coverage of endpoint privilege management.
Protection and Detection
As we migrate to the cloud, we have strengthened our cloud protection and detection controls with an integrated Cloud Access Security Broker, Data Loss Prevention, and Single Sign On. In addition, we have deployed a layer of assurance across our cloud platforms that monitors the implementation and effectiveness of our cloud controls.


We strive to exceed the expectations of the people, businesses, and government agencies that count on us. Addressing compliance standards and taking a thoughtful approach to managing risk improves our security program and is critical for growing our relationships.
Based on a Strong Foundation
Our security and privacy controls are aligned with frameworks developed by the National Institute of Standards and Technology (NIST). We have adopted the Cybersecurity Framework (NIST CSF) which integrates industry standards and best practices for cybersecurity, and in 2020, we became an early adopter of the Privacy Framework (NIST PF).
Focused on Risk
Our approach to managing risk is visible, thoughtful, and prioritized. Prioritizing based on risk – instead of taking a “one size fits all” approach – means that we focus our attention and our resources on the highest risks in our organization and apply fit-for-purpose controls to defend against those risks.
Independently Validated
Third-party certifications provide independent validation of our security program and our adherence to industry and compliance standards. We have obtained key security re-certifications since 2017, and we continually evaluate additional opportunities to build confidence in our security program.


Maintaining the trust of our customers is essential. We demonstrate our commitment to being a leader in security by partnering with customers and industry organizations to share what we have learned for the collective good.
Sharing What We've Learned
As our CEO says, “When it comes to security, there are no trade secrets.” We have hosted briefings and participated in industry events to share lessons learned so that our successes and failures can help others improve, and we continue to seek opportunities to share what we’ve learned.
Collaborating Across Industries
In 2019, Equifax and the World Economic Forum Centre for Cybersecurity convened 47 thought leaders from 34 organizations and 6 countries for a two-day workshop. During the event, leading academics, government officials, public sector representatives, and security professionals collaborated on the future of cyber threats and defenses.
Strength in Numbers
Part of our leadership in security is working externally to combat cybercrime. With our network of partners – including non-profits, government agencies, customers, and even competitors – we collectively share threat intelligence to make the online world safer for all.

Innovative Risk Management

Equifax was honored with the 2019 Risk Management Innovation of the Year award from Continuity Insurance and Risk (CIR) for the board governance framework we use to drive clear and objective security governance decisions.

Award-Winning Transformation

Equifax has been named a 2020 CSO50 award winner for our security transformation. CSO50 awards organizations that demonstrate outstanding thought leadership in security as judged by security executives, industry experts, and academics.