
Bitpanda secures ISO 27001:2022 certification


By Bitpanda

We are proud to announce that we were recently granted the ISO 27001:2022 certification, underlining our ongoing commitment to security and compliance. While we have been ISO-certified for the past three years, this latest renewal reflects our adherence to the most recent version of the standard, incorporating new requirements that we have successfully met. All of our entities, including all business areas, are certified, highlighting our ongoing focus on being the industry's safest and most regulated cryptocurrency platform.

What is the ISO 27001 certification?

ISO 27001 is a global standard for companies that want to follow best practices for their Information Security Management System (ISMS) design and implementation. At Bitpanda, we use ISO 27001 as a framework for consistent information security governance and control implementation throughout our organisation.

Being certified against this standard is a mark of confidence issued by an accredited external auditor, validating our security posture. This certification confirms that our security design, policies, processes, practices, and behaviour meet stringent ISO 27001 requirements. This demonstrates that our systems and our overall approach have been independently assessed, underscoring our commitment to safety and security.

What is new in ISO 27001:2022?

After nearly a decade, ISO issued a new version of ISO 27001 in 2022. To be clear, Bitpanda has officially complied with the standard for three years, with annual audits and renewals. With this new version, we have further improved our ISMS with new control layers. Compared to the 2013 version, the 2022 version adds 11 new controls (for example, Threat Intelligence), even though the Annex A controls were consolidated from 114 to 93. The controls are also now divided into four categories (previously 14): Organisational, People, Physical, and Technological.

What does this mean for you?

For Bitpanda users, there will be no change in the way you use our platform, but behind the scenes, our security measures are stronger than ever. Though some companies will obtain ISO certification as a formality, not all will implement every ISO control. At Bitpanda, we’re different and go above and beyond to implement every control, ensuring your information is protected from every possible angle.

Let’s take the four control categories and show how your data is safeguarded through multiple layers:

Organisational Controls: These bring together information security policies, strong security practices (such as incident management and access controls), roles and responsibilities, regulatory compliance, vendor due diligence, audits, and KPIs.
As a fully regulated financial organisation, ISO is just one part of our broader compliance framework, which also includes DORA and MiCAR. At Bitpanda, we ensure these standards work seamlessly to maintain the highest levels of security and compliance.

People Controls: Our key controls related to people include background checks, terms and conditions, and awareness, on which we place special emphasis. We ensure our employees and third parties know exactly what kind of data they are managing and how to protect it.

Physical Controls: We leverage physical security to keep all physical assets secure from unauthorised access.
Though we are fully cloud-native, we uphold the highest security standards for devices, servers, and other assets, safeguarding them against physical threats.

Technological Controls: From automation to monitoring, this encompasses system policies, anonymisation, firewalls, scaling, segregation, filtering, testing, secure deployment, and much more.

Wherever Bitpanda's and our customers’ confidential data is processed - whether on the network or on the last endpoint device - we ensure it remains secure.

Our ongoing commitment to security

At Bitpanda, security and compliance are continuous priorities - not just an obligation but a responsibility we embrace. Obtaining a certification is not the finish line but part of an ongoing effort to strengthen our safeguards. We continuously monitor our environment, preparing for emerging risks and working vigorously on improvements without waiting for an audit.

Ultimately, we are committed to treating all confidential data with the highest level of care, ensuring that Bitpanda remains a secure and trusted platform for investing in digital assets.

Find out more about Bitpanda's security

Learn more about our security practices and why your assets are safe with us.
