How Pliant keeps your data secure
Most would consider the birth of the public cloud to be 2006, when Amazon Cloud Services (AWS) launched its S3 cloud storage, followed by EC2 cloud computing soon after. The birth of cloud computing allowed startups and smaller organizations, such as FinTechs, to build and publish their own product and services in a way that is easy to launch and scale up when necessary. Unfortunately, there were few incidents that followed, where cloud storages were not secured properly, which caused massive data breaches. Following these incidents, some began to doubt the security of cloud services. At Pliant, we believe that proper controls should be in place no matter where the data is stored, and our recently acquired ISO 27001 certification is the proof of our commitment to the highest information security and risk management practices.
According to the IBM Cost of a Data Breach Report 2023, the average cost of a data breach in the financial sector is $5.9 million. This cost makes the Financial Services industry second only to the Healthcare industry, and above such industries as Pharmaceuticals, Energy and Technology. Financial organizations not only have to keep confidential information secure, but they also have to keep payment and account information secure as well. Customers also have the right to assume that all financial organizations do everything necessary to keep information and systems secure, and this expectation is true for both well established organizations such as banks, and also FinTech companies such as Pliant.
At Pliant, information security has always been a core part of our internal processes. On the one hand, information security is part of quality assurance, as a secure design process allows us to reduce the chance of any production vulnerabilities and bugs. On the other hand, information security is part of operational risk management, as sufficient security controls rely on identifying, assessing and managing operational risks that are present in any organization. Additionally, information security work we do at Pliant is also part of our compliance function, since financial organizations are heavily regulated by local and European financial supervisory authorities, and we want to ensure that all of our processes and procedures are following the relevant regulations without exception.
To make sure that we have proper governance and control over our information security and risk management function, Pliant has acquired universally recognized ISO 27001 certification. All of the services Pliant produces for its customers are within the scope, including product, operations and engineering. Additionally, as Pliant offers card issuing services, we are also fully compliant with PCI DSS standards for our Card Data Environment.
Information security management system is not something that is done once, but it’s something that changes constantly depending on the internal and external requirements. One of the core requirements within ISO 27001 is continual improvement, and in order to prove that, we need to keep refining current processes, and finding new solutions to meet new challenges. With the new ISO 27001 certification, we aim to prove to our customers, partners, and regulators that at Pliant, we take information security very seriously, and we are committed to keeping customer data secure, no matter where they are.
