Comply has achieved ISO/IEC 27001 certification, marking a significant milestone in its efforts to strengthen trust, security and governance across its RegTech operations.
The certification, widely regarded as the global benchmark for information security management systems (ISMS), confirms that the company has implemented a comprehensive and independently audited framework to protect the confidentiality, integrity and availability of client data.
The achievement signals that information security is embedded across Comply’s technology stack, cloud infrastructure, internal processes and governance model, rather than being treated as a one-off compliance exercise. ISO/IEC 27001 requires organisations to demonstrate formalised risk assessment procedures, documented security controls, executive accountability, continuous monitoring and ongoing improvement, all of which align closely with the regulatory expectations placed on financial institutions.
“For our clients, trust is not aspirational, it’s foundational,” Comply CEO Michael Stanton said. “ISO/IEC 27001 certification reflects the discipline, governance, and operational rigor compliance technology providers must meet to serve modern financial institutions. This milestone reinforces that Comply is built to operate at enterprise scale, in complex regulatory environments, where security and accountability are non-negotiable.”
Alongside the certification, Comply has launched a new Trust Center designed to provide customers with centralised and real-time visibility into its security, privacy and governance posture. The Trust Center offers access to compliance documentation, security controls, internal policies, certifications and assurance materials, enabling clients and prospects to better understand how the firm manages operational risk beyond periodic audits.
Jeremy Trinka, chief information security officer at Comply, highlighted the practical implications of the certification. “ISO/IEC 27001 certification reflects the day-to-day reality of how our security program operates,” he said. “It requires continuous risk assessment, formally governed controls, tested incident response, and disciplined vendor oversight. Our Trust Center extends that operational rigor to our clients, providing clear visibility into how we manage security and risk in practice.”
The independent audit was carried out by A-LIGN, a cybersecurity compliance specialist accredited by both the ANSI National Accreditation Board and the United Kingdom Accreditation Service to certify organisations against ISO/IEC 27001 standards. The firm works with more than 4,000 organisations globally.
“ISO/IEC 27001 certification is a strong signal that an organization has established mature, sustainable information security practices,” A-LIGN COO Steve Simmons said. “Comply demonstrated a clear commitment to security governance, risk management, and operational excellence throughout the certification process.”
For Comply’s client base, which includes RIAs, broker-dealers, private funds and global financial institutions, the certification provides independent assurance that sensitive regulatory and personal data is protected through formally governed and continuously audited security controls aligned with international best practices.
The certification also builds on Comply’s recent industry recognition, including being named on the Inc. 5000 Fastest-Growing Private Companies list and winning RegTech of the Year at the 2025 U.S. FinTech Awards. Together, these milestones underline the company’s ability to scale rapidly while maintaining the operational discipline expected of a trusted compliance partner in an increasingly complex regulatory landscape.
Copyright © 2026 FinTech Global









