Information Security

Information Security Program

MSCI is committed to designing and maintaining an appropriate, robust program of information security to secure data, systems, and services.

The highlights of our information security program include:

  • A dedicated function led by our Chief Information Security Officer – that provides oversight and guidance to our information security and resiliency program;
  • Use of specialized technology, such as next generation firewalls and IP-based permissions, to limit connectivity to our hosted services, applications, cloud services and client data;
  • Testing of our applications and services in a controlled testing environment before they are released into production;
  • Coordinated change management processes which include applications, infrastructure, cloud services and facilities;
  • Comprehensive business resiliency planning with extensive disaster recovery and business continuity testing;
  • Regular internal and external security audits and vulnerability assessments by third party security vendors and in house staff;
  • 24x7 cyber security operations monitoring of our sites and services to detect and act on weaknesses and potential intrusions;
  • Role-based access controls to identify, authenticate, and authorize individuals to access systems based on their responsibilities;
  • Disabling accounts after defined periods of inactivity and conducting access reviews periodically;
  • Protection, including encryption, for the secure communication of sensitive data; and
  • Review of our applications, infrastructure and security program in light of new threats and vulnerabilities.


Information Security & Data Protection Awareness

The MSCI Information Security & Data Protection Awareness program for all employees includes mandatory recurring training and testing. Education materials are periodically distributed to all employees and made available for reference on our corporate intranet. Additionally, all new employees must undergo compulsory security awareness training.


MSCI's Bitsight Security Rating



Further Information or Enquiries

If you have any questions about MSCI’s security arrangements, please contact your account executive or via