Certified and Proud

Written by: Currencycloud
Published on: April 22, 2016

Currencycloud is awarded the ISO 27001 standard for information security.

Wherever money is involved, there must be trust. In financial services, trust must be built on a bedrock of security. This is constantly top of mind for us, so we are pleased to announce that we have received an official stamp of approval in the form of certification against ISO 27001:2013 – the international standard for best practice in Information Security Management Systems.

Our industry is already heavily regulated, with numerous audits required every year. So why did we voluntarily embark on a course that requires even more audits? The answer is simple – it provides our clients with independent assurance that our commitment to security permeates everything we do. Assurance that we have robust, clearly defined procedures in place in areas such as risk management, software development, handling of documents and data, due diligence in selecting and working with suppliers, and strong business continuity processes; and that these procedures are followed in all our business activities.

Our business has grown and evolved significantly in the last few years – we are now processing more than $15 billion of international payments each year. As the clients we work with continue to grow in size and transaction volume, their own requirements for supplier due diligence have become more formal and comprehensive. As such, we felt it was important to document and formalise the processes that we were already following, to give us complete certainty that they are adhered to.

Our ISO 27001 certification is a key part of that verification process, helping to speed up our clients' due diligence when they choose to work with us. And it's not just the banks for whom this certification is particularly meaningful. We are seeing a range of new technology providers seeking to develop business models based on seamless user experience and maximum convenience. With these new models, the boundaries between payments providers and retailers are beginning to blur. In a world of increasing financial regulation, e-commerce and growth-focused companies that rely on smooth, fast transaction speeds have two options – launch a bid to become regulated themselves as a payments company, or partner with a payments business that can take care of regulation and compliance, allowing them to focus on their core business.

In the environment in which we work, security can no longer be considered 'a tech problem for the tech team'. It's the responsibility of the whole company. Everyone – especially the senior management team – must take responsibility for adopting the standards and processes. To make sure this happens, our CEO and executive team are regularly briefed on our performance against a range of security metrics. We also run regular staff training so that all staff, from engineering to sales, understand how they play their part in keeping our clients' data safe.

We do not consider security a 'tick once and it's done' exercise – we are constantly trying to improve our processes, procedures and technologies, and hold ourselves to this goal with regular internal and external process audits. ISO 27001 compliance requires annual reviews with official auditors – but we have decided to augment these with additional independent reviews three times a year. Our number one priority is that customers receive a seamless experience, both at set-up stage and throughout their ongoing relationship with us, but never at the expense of the safety of our clients' data, and the practices required to maintain our ISO 27001 certification make sure that we never lose sight of this.