Drum roll please…
After 6 months of collective hard work, Silvr is now officially the first European neolender to become ISO/IEC 27001 certified!
We’ve spent the past 6 months working with our compliance service provider Vanta and the UK Government-backed ISO certification body British Assessment Bureau on securing our information infrastructure. Curious about how and why we’ve done it? Read on to find out.
The certification is one of almost 25,000 International Standards granted by (you’ve guessed it) the International Organisation for Standardisation. ISO/IEC 27001 in particular is designed to prove that an Information Security Management System (ISMS) has been put in place to preserve the confidentiality, integrity and availability of information by applying a verified risk management process. Simply put, this is the highest global standard existing today that a company can apply to make sure it’s handling data in the safest possible way.
The process requires certifying the protection of data under all its forms. What does this mean?
Sounds like a lot of work? Well, that’s because it is! By the end of the certification acquisition process, no stone is left unturned - the whole company has been checked for security.
There are a few commitments that any organisation wanting to secure ISO/IEC 27001 must make, such as:
At the end of this process, you can rest assured that best practices have been put in place to secure digital services internally (for employees) and externally (for partners and customers).
“After completing the Stage 1 report, it took us about 4 months of intense collaborative work,” shared Thomas Pelletier, VP of Engineering. “Stage 2 then certified that we do what we say we do. The British Assessment Bureau validated that we defined a control mechanism for each of the requirements of the ISO/IEC 27001 standard, and sampled evidence that we implemented those controls.”
As the digital economy expands, cybersecurity becomes a major issue, especially in the context of online business operations (teleworking, open banking, multiplication of connected devices etc.). The World Economic Forum has reported that the number of cyber attacks in 2020 increased by 22% compared to the previous year. Furthermore, 35% of the attacks during the pandemic were made using previously unknown malware and methods (reported by Deloitte).
Protecting information systems and networks is therefore crucial, even more so in the post-Covid era, especially for transactions, operations and data exchange.
Every digital business needs to protect its information systems. ISO/IEC 27001 certification was the best way to ensure we have everything in place to continuously improve, which for us, as a Fintech startup, is critical. In preparation for expansion into Germany, we needed to ensure we protect our customers’ and our own data to the highest possible standard, so we started the ISO/IEC 27001 preparation process almost a year ago.
As a Fintech partnering with other companies, we needed to ensure we have a safe way to scale across markets. We're asking people to access their most sensitive business data - such as bank statements, purchase history, digital advertising spend - so we must be certain that this data is always treated with confidentiality.
“Accessing companies’ private financial records is very delicate, so we put information security front and center in all the processes and systems we build,” says Greg Tappero, CTO. “We’re proud to be the 1st European neolender to secure our information infrastructure with ISO/IEC 27001 certification. This shows all our capital and platform partners how seriously we take data security and protection. We know its importance in Germany, and we wouldn’t consider entering this market without obtaining it.”
Having gone through the strenuous ISO/IEC 27001 journey ourselves, there’s some advice that we can share with any other digital company that is ready to undertake it. Below are a few handy tips from Thomas on what to consider when establishing a control framework (as a real Engineer, he’s keeping it brief!):
Visit our trust page to access our ISO/IEC 27001 certificate and real-time control updates. And if you have any other questions on this topic, reach out to email@example.com