Governance and Risk Management and Risk Management.jpg
Home > Capability > Governance and Risk Management

INTRIA’s governance and risk management programs have been built to manage corporate and operational risk as effectively as possible.

INTRIA's responsibility to clients takes many forms. The primary objective is to deliver fully against our contractual obligations, including:

  • Ensuring the needed sites, systems, and people are available
  • Defining expectations, service level agreements, and documented procedures
  • Safeguarding clients’ assets
  • Using integrity in handling of client information, data exchanges, and billing

To ensure that INTRIA consistently meets these objectives, the organization's governance practice includes documented, company-wide oversight that touches all aspects of the business — from the technical set-up of security infrastructure to how INTRIA delivers day-to-day on client commitments.

Managing Risks

INTRIA understands the demands our clients face in managing corporate risk.

INTRIA is bank ready, and has built a governance practice that allows our clients to meet all regulatory and governance requirements with confidence. In fact, improving our clients’ risk management is central to INTRIA's value proposition.

Several third-party audits regularly test and validate INTRIA’s physical and information security. An annual Canadian Standard on Assurance Engagements (CSAE) 3416 report provides independent, impartial review of INTRIA's internal controls for:

  • Safeguarding of assets
  • Reliability of transaction processing
  • Organizational controls
  • Back-up and recovery controls
  • Confidentiality of information

Protecting Clients’ Privacy

Along with protecting people, information, and property, keeping client information private and confidential is a cornerstone of INTRIA’s business.

Each of INTRIA's processing centres adheres to rigorous security standards. These include, but are not limited to:

  • Applying the key internal control components of physical protection
  • Controlling and limiting physical and logical access
  • Maintaining separation of duties
  • Delegating authority
  • Managing custody
  • Protecting the passwords of sensitive data files
  • Satisfying regular audits

Business Continuity

INTRIA has a comprehensive and fully-documented Business Continuity Plan (BCP) that helps ensure consistent recovery if business is interrupted.

Components of INTRIA's BCP Program:

  • Any time a disaster is declared, INTRIA's national recovery strategy activates a program that helps ensure consistent recovery from business interruption
  • The BCP is in place for all operational services, application programs, and transaction data within INTRIA's processing facilities across Canada
  • INTRIA regularly reviews and updates the BCP. Each year, we review our business impacts and recovery strategies to validate their objectives and ensure plans reflect the current operating environment
  • INTRIA puts these abilities to the test. Annual simulations help measure INTRIA's ability to respond to actual incidents and deliver improvements where needed
  • INTRIA's Risk Management organization keeps the BCP on track, and independent CSAE 3416 audits confirm compliance

Ongoing Self-Assessment

INTRIA’s ongoing, end-to-end self-assessment process continuously monitors its adherence to all of the above standards.

This process addresses regulatory requirements and compliance guidelines set by: