On the constant road to excellence. What ISO 27001 certification has changed in FINGO?

December 19, 2023
by Monika Sianko

For years, FINGO's compass needle has been pointing towards a turquoise software house. A place where the scope of responsibilities and functions performed are more important than the positions held, and each employee feels responsible for the success of client projects and the company's financial result. Such organizational management quickly pays off. This is reflected in long-term relationships with clients who, while appreciating the knowledge of FINGO's engineers, also emphasize their engaged attitude.

However, in the financial sector, information security is fundamental. Because of the scope of the data processed, i.e. resources that require reliable protection, banks and corporate institutions prefer suppliers who consciously apply security mechanisms based on industry standards and norms. Certification has, therefore, become a desirable necessity.

What has changed at FINGO while undergoing subsequent rigorous audits, which resulted in our receiving the ISO 27001 certificate in November 2023?

Evolution, not revolution

By focusing on a specialization in providing IT services for the strictly regulated financial sector, FINGO stopped developing turquoise company management. However, selected elements of this culture that positively impact employees have remained in the organization to this day. These are transparent communication and trust in people and their way of achieving goals. Such a partnership relationship makes employees more open to changes taking place in the organization, which makes it easier for them to engage themselves in implementing these changes. This resulted in the creation and codification of processes in force at FINGO. Everyone wanted them to be a real reflection of how the company operates so that processes serve people, not vice versa.

The strategic goal was not only ISO certification but primarily the improvement of FINGO itself, says Kinga Brzozowska, Information Compliance Officer at FINGO. 

In my opinion, the best investment was the time spent developing awareness in the organization – training, consultations and conversations about what, why and why we do it. The certification process lasted over 18 months and involved thousands of hours of work, but today, we can confidently open ourselves to new challenges. We have an informed team of professionals who know almost everything about secure data processing and are constantly acquiring new skills.

Our Information Security System is a real, living entity, and the certificate obtained, compliant with the latest version of the ISO 27001:2022 standard, is the best proof. Our efforts are appreciated by clients, outstanding lawyers and outstanding experts who consider us among the avant-garde in the IT world, she adds.

A signpost on the road connecting two companies


Changes are taking place exponentially in the software development market, and the growing trend of cloud solutions is gradually replacing traditional software systems. This also increases market expectations towards IT engineers – they should have a good understanding of customer problems and, thanks to their knowledge of technology, be able to solve them (efficiently and cost-effectively).

Therefore, well-informed companies in the financial sector work with competent technology partners who know the industry well and help them adapt more quickly to the realities of the changing world. Such a long-term partnership connected FINGO with GPM Systems, for which regulatory reporting systems were developed.

FINGO's strategic decision to focus more on the financial market pushed both companies to join forces in August 2022. This resulted in many changes, e.g. equalization of the level of security, the introduction of stronger control procedures or even the creation of a marketing department responsible for promoting the service of ready-made products for the financial sector.

It was a significant operational challenge for us. We had to learn to work together, combining two organizational cultures, we underwent double rebranding, created new websites, and changed the way we operate, the form and method of communication – says Maciej Nikodemski, Head of Marketing at FINGO.

On the other hand, ISO was a big organizational effort for us, because it was not enough for all these things to move forward; they had to happen in accordance with the highest standards, GDPR and our security policies and procedures. For me, this meant intensive cooperation with our ICO, the need to describe many processes and meet several requirements in the area of security and data protection.

Reconciling this with everyday obligations was not easy, but it was worth it in hindsight. Many of these guidelines, which may seem unnecessary at first glance, actually make sense and make the company prepared for all possible scenarios, he adds.

More robust security within the organization


Monitoring asset security is critical when developing software for financial institutions. This is a market requirement that must absolutely be met, especially when offering cloud services. That is why our engineers have been meeting standards widely accepted in the financial sector for years, producing products for regulatory reporting. The certification process resulted in the procedures being extended to the entire organization.

When preparing for certification, we focused on the security of applications, infrastructure and processed information at all stages of the software development cycle. We have introduced several procedures and controls, compliance with which is critical to maintaining the Security Posture of our organization. Numerous changes, at first somewhat burdensome to implement, penetrated our internal structures over time. They allowed us to create a more conscious and responsible team - says Maciej Bała, Security Operations Engineer at FINGO.

A reliably proven information security management system


The ISO 27001 certificate is actually a confirmation that someone competent and independent has verified the IT service provider. Thus, when conducting a tender competition, the decision-maker on the part of the financial institution can easily mark off the criterion on the list of things to be checked: Information Security Management System. The certificate is also essential for clients who have been using FINGO Systems products for regulatory reporting for years. As they say, this makes it easier for them to switch to cloud equivalents of our reporting systems.

Banks and financial institutions that use our regulatory reporting solutions daily reacted enthusiastically to the news of our certification. As their representatives themselves stated, the ISO/IEC 27001:2022 certificate is a solid guarantee of the security of our cloud solutions and will undoubtedly reduce the time-consuming risk analysis related to the transition to cloud services by up to 70% – says Michał Stawniak, Business Development Manager at FINGO Systems.

Another step towards excellent services and products for the financial sector

If you want to change the world, start with yourself, and the world will change for you.
Mahatma Gandhi

The road to obtaining ISO 27001 certification has been a long and demanding one. We met this challenge just as we did when pursuing Google Cloud and Microsoft Azure partner certifications. As an organization, we were aware of our challenge, what it entailed and why we needed to do it. We feel satisfaction and joy, but at FINGO we do not rest on our laurels. We know that every day, we have to take further steps towards perfection if we want to remain a popular technological partner and the best supplier of ready-made regulatory reporting solutions for the changing financial sector.
