Certification & Assurance
Finform operates an information security management system (ISMS) certified to ISO/IEC 27001. An independent audit has confirmed that Finform manages information security in a systematic, risk-based and effective manner.
Why information security
is key for us
As a service provider, Finform processes sensitive identification and customer data on behalf of Swiss banks and financial institutions. Accordingly, information security is our highest priority. It is the foundation on which our customers’ trust in us is built.
What ISO/IEC 27001 means
ISO/IEC 27001 ist der international führende Standard für Informationssicherheits-Managementsysteme. Er verlangt, dass Risiken für die Vertraulichkeit, Integrität und Verfügbarkeit von Informationen systematisch erfasst, bewertet und mit geeigneten Massnahmen gesteuert werden. Eine Zertifizierung wird nur erteilt, wenn eine unabhängige Stelle die Wirksamkeit dieses Managementsystems bestätigt.
Our security certificates
at a glance
ISO/IEC 27001:2022
The Swiss Association for Quality and Management Systems (SQS) assesses Finform’s information security management system as part of a structured audit process. The certification confirms that the requirements of the internationally recognised standard have been met. As a Swiss member of the international IQNET network, SQS also issues the certificate as an IQNET certificate, which is recognised internationally.
ISAE 3000 Typ II
In addition to this, Finform commissions the audit firm BDO to prepare an independent audit report in accordance with ISAE 3000 Type II on an annual basis. This confirms the effectiveness of our control mechanisms over a defined period.
Data storage in Switzerland
Sensitive data is stored and processed in Switzerland. Storing data with certified and audited Swiss providers reinforces our commitment to security and trust, and ensures that sensitive data is stored in compliance with the Swiss data protection and legal framework.
