Voglio sapere a riguardo di…

Federal Register / Vol. 86, No. 117 / Tuesday, June 22, 2021 / Notices business days of such determination prior to implementing any revocation of access.68 Notwithstanding the foregoing, the CCOs Access Determination may be implemented immediately without prior review by the President or General Counsel Immediate Revocation where the CCO determines such revocation is necessary for the protection of the integrity of the ICE
Trade Vault system or to fulfill ICE
Trade Vaults regulatory responsibilities.69 If i an Immediate Revocation occurs or ii the President and General Counsel conclude that an Access Determination is appropriate and in compliance with applicable law, the CCO shall, within 1 business day, provide notice by email to the user to which the Access Determination applies, including in such notice the specific reasons for the determination.70
If the President and General Counsel conclude that limitation or revocation of access pursuant to an Access Determination made by the CCO would constitute unreasonable discrimination, the President and General Counsel shall take such actions as are necessary to maintain or restore access to ICE Trade Vault, its services or SDR information, as applicable.71
ICE Trade Vault states that it recognizes its responsibility to ensure data confidentiality and dedicates significant resources to information security to prevent the misappropriation or misuse of confidential information and any other SDR information not subject to public dissemination i.e., the information identified in Exchange Act Rule 902c and that it does not, as a condition of accepting SBS data from users, require the waiver of any privacy rights by such users.72 ICE Trade Vault states that it maintains a security policy that sets forth technical and procedural processes for information security and contains an extensive list of policies and means of implementation and that it uses a multi-tiered firewall deployment to provide network segmentation and access control to its services.73 ICE
Trade Vault states that its application servers are housed in a demilitarized network zone behind external firewalls and that a second set of internal 68 See
id.
id.
70 See id.
71 See id.; see also Swap Data Repository Rulebook, Security-Based Swap Data Reporting Annex, Ex. HH.2, sec. 3.4 review and dispute of revocation of access, 3.5 final access determinations, 3.6 implementation of a revocation of access.
72 See Security-Based SDR Service Disclosure Document, Ex. V.2, sec. 4.
73 See id.

lotter on DSK11XQN23PROD with NOTICES1

69 See
VerDate Sep<11>2014

18:17 Jun 21, 2021

Jkt 253001

firewalls further isolate ICE Trade Vault database systems, while an intrusion system provides added security to detect any threats and network sensors analyze all internet and private line traffic for malicious patterns.74
ICE Trade Vault states that tactical controls are regularly examined and tested by multiple tiers of internal and external test groups, auditors and independently contracted third-party security testing firms.75 According to ICE Trade Vault, in addition, the security policy imposes an accountable and standard set of best practices to protect the confidentiality of users SDR
information, including confidential information and other SDR information not subject to public dissemination.76
ICE Trade Vault states that it completes an audit for adherence to the data security policies on at least an annual basis; the audit tests the following applicable controls, among others, to ICE Trade Vault systems: i Logical access controls; ii logical access to databases; iii physical and environmental controls; iv backup procedures; and v change management.77 ICE Trade Vault states that it has a robust information security program and maintains effective and current policies and procedures to ensure employee compliance; ICE Trade Vaults information security program includes: Asset management; physical and environmental security;
authorization, authentication and access control management; internet, email and data policy management, record retention management; and accountability, compliance and auditability.78 ICE Trade Vault states that it performs network scans and penetration tests regularly to ensure the information security systems are performing as designed.79
ICE Trade Vault maintains and will continue to maintain a robust emergency and business-continuity and disaster recovery plan Business Continuity Plan that allows for timely resumption of key business processes and operations following unplanned interruptions, unavailability of staff, inaccessibility of facilities, and disruption or disastrous loss to one or more of ICE Trade Vaults facilities or services.80 In accordance with the Business Continuity Plan, all production system hardware and 74 See
id.
id.
76 See id.
77 See id.
78 See id.
79 See id.
80 See id.
75 See
PO 00000

Frm 00036

Fmt 4703

Sfmt 4703

32707

software is replicated in near real-time at a geographicaland vendor-diverse disaster recovery site to avoid any loss of data.81 ICE Trade Vault shall notify the SEC as soon as it is reasonably practicable of ICE Trade Vaults invocation of its emergency authority, any material business disruption, or any threat that actually or potentially jeopardizes automated system capacity, integrity, resiliency, availability or security.82
2. Discussion Rule 13n4c1ii under the Exchange Act requires an SDR to permit market participants to access specific services offered by the SDR separately.83
Rule 13n4c1iii requires an SDR to establish, monitor on an ongoing basis, and enforce clearly stated objective criteria that would permit fair, open, and not unreasonably discriminatory access to services offered and data maintained by the SDR.84 Rule 13n 4c1iv requires an SDR to establish, maintain, and enforce written policies and procedures reasonably designed to review any prohibition or limitation of any person with respect to access to services offered, directly or indirectly, or data maintained by the SDR and to grant such person access to such services or data if such person has been discriminated against unfairly.85 In addition, Rule 13n6 requires an SDR, with respect to those systems that support or are integrally related to the performance of its activities, to establish, maintain, and enforce written policies and procedures reasonably designed to ensure that its systems provide adequate levels of capacity, integrity, resiliency, availability, and security.86
The Commission received no comments applicable to these requirements. As described above, the ITV Application includes procedures for onboarding and maintaining ongoing access to users that are fair, open, reasonable and not unreasonably discriminatory. These procedures include user agreements that reflect 81 See
id.
id.; see also Swap Data Repository Rulebook, Security-Based Swap Data Reporting Annex, Ex. HH.2, sec. 2.8.3 ICE Trade Vault will notify the SEC as soon as practicable of any action taken, or proposed to be taken time permitting, pursuant to this Rule 2.8.3. The decision-making process with respect to, and the reasons for, any such action will be recorded in writing. ICE Trade Vault will also notify Users via email as soon as practicable of any action taken time permitting, or proposed to be taken, pursuant to this Rule 2.8.3..
83 17 CFR 240.13n4c1ii.
84 17 CFR 240.13n4c1iii.
85 17 CFR 240.13n4c1iv.
86 17 CFR 240.13n6.
82 See
E:FRFM22JNN1.SGM

22JNN1