Okay

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Payments

Security

ISO compliance – securing Electrum clients, from the code up

August 2, 2019

Ferdi Immelman

Recently, we took proactive steps to make our information security management systems ISO compliant. Electrum Head of Operations Ferdi Immelman writes about how this translates into significant security advantages for our clients.

Electrum recently completed the ISO/IEC 27001:2013 compliance process. We chose to bring our organisation in line with this international standard because we’re serious about protecting our clients and ensuring that customer data is fully secured. By doing so, we also eliminate the need for new customers to conduct their own security audits.

…an opportunity to embed security into our processes…

The ISO/IEC 27001:2013 standard is a data compliance regulation that covers three main areas: data confidentiality, data integrity, and service availability. Now that Electrum is compliant, we’re better prepared to combat any data leaks, unauthorised access, fraudulent manipulation of data or any attacks that threaten to disrupt our service.

ISO compliance signals a new level of maturity for Electrum because it’s an opportunity to embed security into our processes, rather than just ticking boxes and carrying on as usual. For example, the mandatory secure code training required by ISO serves to remind our developers of this critical component of their job. In the thick of development and code reviews, it’s understandable – and only human – that a developer might neglect code security. But ISO compliance means that we’re benchmarked against best practice coding standards, helping to drive home the importance of security in all of our code.

…it validates the effort we’ve put in to protecting our customers’ services and data…

Over 18 months, we worked with top external consultants to reach full compliance with the standard. During this time, we completed an internal gap analysis, designed and developed an information security management system (ISMS) according to the ISO framework, and deployed the new processes throughout the entire organisation. One of the new processes includes a static code analysis, which detects software bugs, scans for vulnerabilities, checks for dependencies and passes the code through quality gates. Compliance with ISO/IEC 27001:2013 is valid for three years, with annual assessments.

Personally, I’m ecstatic that we’re now compliant because it validates the effort we’ve put into protecting our customers’ services and data, and it means I sleep better knowing we’re all properly protected.

If you’d like to talk about how our ISO compliance improves security for your customers, get in touch with us.

Ferdi Immelman

Ferdi sits in the command centre at Electrum Payments making sure all operations are kept running smoothly.

More posts by 
Ferdi Immelman

Recent Blog Posts

New Year, New Services

SA’s Journey to Fast Payments

Shaping Consumer Experience through APIs and Open Banking

Electrum Newsletter

Quarterly insights and news to help you keep up with the latest changes in the payments landscape

Sitemap

Home

Solutions

About

Insights

Blog

Careers

Developer Resources

Contact

Trust

Payments

Rapid Payments Programme

Clearing House Payments

Business Partner Payments

QR Code Payments

Cash Vouchers

Digital Wallets

Cross-Border Payments

Digital Goods and Services

Prepaid Airtime and Data

Prepaid Electricity

Bill Payments

LOTTO

Betting

Travel and Event Ticketing

Vouchers

Contact us

16A Newmarket St, Foreshore,
Cape Town, South Africa

hello@electrum.co.za

+27 21 448 6422 (office)

+27 21 447 1227 (support)

© Electrum Payments

Terms of use  |  Privacy Policy  |  PAIA manual