Spotware Systems, a leading provider of eFX technologies and developer of the cTrader platform, today announced that it has successfully attained the International Organization for Standardization certification (ISO 27001), earning the prestigious accreditation after nearly a year of independent, external assessments.
The ISO 27001, the most stringent certification for information security controls, guarantees that ample information security controls and other forms of risk treatment are in place to prevent and defend against potential data system vulnerabilities. The certification also ensures that the information security controls continue to meet security needs on an ongoing basis.
Andrey Pavlov, Spotware Systems CEO, commented: “Brokers and banks especially are looking for increased assurances over the high volumes of data they are entrusting to us and other partners. We’re proud to have achieved this independent certification, as it demonstrates our level of commitment to implementing the tightest security controls, and the emphasis we place on the confidentiality and security of our clients’ electronic data.
We strive to achieve excellence in all of its operations and the ISO certification lays down a strong marker in our effort to deliver our clients the extra-mile levels of service and assurances they have come to expect from Spotware.”
Spotware has also recently received an ISAE 3402 report, issued by Deloitte in June 2012, which described and formalizes permanent control processes, their objectives and the procedures used when processing operations.
Spotware’s ISO 27001 was conducted under guidance from Deloitte for a period of one year from August 2011 to September 2012. The thorough assessment verified Spotware’s compliance with ISMS policies and procedures, and its institutionalization of ISO standard practices across the organization.
ISO 27001 requires that management:
- Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.