How Thought Machine exceeds global industry standards in compliance and security

6 June, 2021

By: Roshni Dattani, Compliance Manager, Thought Machine

There is no industry that cloud technology is not upending – and for good reason. Only cloud native technology, like Vault Core, enables banks to build the next generation of financial services. It also mitigates the high costs and overheads associated with legacy systems, and sets the bank up for growth. But before availing themselves of these benefits, banks must begin the process of adoption and migration.

The route a bank takes to the cloud depends on their specific needs. One method for deploying Vault Core is to access it directly from the cloud: a software-as-a-service (SaaS) delivery model. Industry analysts estimate that the SaaS market will grow by more than 20 per cent annually, and Gartner forecasts end-user spending on public cloud services to grow 23.1% this year.

There are numerous benefits to SaaS as a delivery model – and, naturally, its rapid growth is giving rise to much change in industry regulation. Regulators and auditors are responding by implementing new IT governance standards, with a greater focus on network and user security and data protection measures.

Whether our clients take Vault Core as a SaaS, or deploy it on the cloud host of their choice, we have developed the tools and practices to ensure compliance at the highest level.

The security challenges inherent to software-as-a-service

The nature of SaaS offerings means that a number of underlying risks, specifically related to IT and security, need to be considered. The key risks that affect SaaS solutions broadly fall into these three categories:

  • Data security risks: Ensuring that technical safeguards are in place to protect the confidentiality, integrity and availability of data
  • Regulatory and compliance risks: Adhering to mandatory requirements and regulations around data protection and privacy laws
  • Business and operational risks: Having controls in place for service performance, business continuity and third party outsourcing requirements

Prioritising SaaS compliance across the globe

We take proactive measures to ensure that our product complies with all applicable industry laws and regulations. We conduct in-house country regulatory reviews and compliance assessments to identify the emerging requirements, regulations, laws and standards within the information technology and financial services industry – spanning across different countries and jurisdictions. This ultimately adds value to our clients by not only meeting their expectations but also by reducing any operational and audit costs.

Upholding the highest levels of data integrity and security

Every bank is heading in the direction of becoming a data-centric organisation. Banks build great products that their customers love by harnessing the power of data with advanced analytics. That said, data storage and management is complex and requires a strict set of governance processes and controls.

We ensure that we have the highest standards around controlling our clients’ data:

  • Thought Machine is ISO 27001 certified, which is an international standard that lays out the specifications for implementing an information security management system (ISMS). This certification lays the foundation for our security program and policies and demonstrates that the right controls for an effective information security framework are in place.
  • We’ve achieved SOC 2 Type 2 accreditation, which demonstrates that our internal controls and systems are secure and available for operation. Our information is also confidential and private – ensuring that our clients’ information is protected and managed to meet their objectives.
  • In addition to the General Data Protection Regulation (GDPR), which sets out requirements for how personal data is held and processed, we comply with all relevant data protection laws in the countries in which we operate, such as Singapore, Australia and the US.
  • We ensure that our governance framework adheres to any outsourcing expectations for a critical and important service provider, such as the European Banking Authority (EBA) Guidelines on Outsourcing Arrangements, the Australian Prudential Regulation Authority (APRA) Prudential Standards and the Monetary Authority of Singapore (MAS) Guidelines on Outsourcing.

As Thought Machine continues to grow and launch new products and extend its SaaS offering to different countries, the company is expanding its certification footprint to not only meet, but also to exceed, industry standards. We regularly assess and identify the relevant certifications and standards that we should achieve and implement our controls based on the highest benchmarks.
