Cybercrime and security breaches are an ever-growing concern, particularly in the banking sector, where public trust is crucial to maintaining and increasing market share.
Since 2019, Electrum has been consistently and proactively ISO 27001 certified. This is a testament to how we value the security of our clients’ data and underscores our culture of continuous vigilance. Next-generation payments need next-generation security, and we believe our approach to data safety must be as adaptable and flexible as our solutions.
The ISO 27001:2022 standard was updated from ISO 27001:2013 by the International Organization for Standardization (ISO) to provide a more holistic view of information security management. We believe this is the best way to protect our clients’ data, and Electrum has recently been certified on the 2022 standard. To further improve our systems and operations we have implemented Drata, a security and compliance automation platform, to automate our internal security auditing and to grant us greater visibility across our technology platforms.
This is increasingly pertinent as data breaches are on the rise, as the Information Regulator of South Africa announced data breaches had increased to a monthly average of around 150 between 2023 and 2024, up from 54 breaches a month the previous year, coupled with the cost of a data breach being R53.1 million according to IBM. This increased risk reiterates how we will not compromise on any element of our security.
ISO 27001:2022 is a holistic, structured framework with 93 clauses consisting of precise requirements and controls for information security based on the six pillars of information security, namely:
- Confidentiality
- Integrity
- Availability
- Authenticity
- Accountability
- Non-repudiation
Previously, ISO 27001:2013 only focused on the first three pillars: Confidentiality, Integrity, and Availability. ISO 27001:2022 is a more robust framework, allowing us to be more stringent and deliberate in how we treat data and maintain its security.
The framework gives us the means to protect clients' and our data, through a risk-based approach in which we can systematically identify threats and proactively address them. The framework also encourages us to ensure the data is maintained correctly and is accessible when needed. This is done through regular data audits and audit trails as well as appropriate backup and recovery plans. Through these audits we can verify who is accessing what data, and ensure we track and report on data usage regularly with security and accessibility when tracking said data. This means it can be verified by a third party when necessary, since we have the audit trail readily available. Non-repudiation means individuals cannot deny their involvement when interacting with information.
Coupled with our utilisation of Drata, we can automatically review gaps in our security, and rapidly address any security concerns. This also provides us with the ability to view all of our data warehouses, ensuring their security at all times. It now allows us to proactively monitor individual security training compliance to our entire team.
This means that we can be trusted to keep your data safe, we can quickly and effectively address risks before they impact your business and cause you to lose your customers' trust.
ISO compliance ensures that we meet industry recognised best practices, building trust by prioritising security in everything we do.
Electrum believes in next-generation thinking across the entire organisation, contact us to learn more about how we use ISO 27001:2022 to continuously improve and adapt our information security.
