Comply Achieves ISO 27001, Raising the Bar for RegTech Security
- 5,000+ firms rely on Comply for regulatory compliance software
- 300x higher cyberattack rate for financial services firms vs. other industries
- $5.9M average cost of a data breach in the financial sector
Experts view Comply's ISO 27001 certification as a critical validation of its security maturity, reinforcing trust in its ability to protect sensitive financial data against escalating cyber threats.
NEW YORK, NY – January 26, 2026 – Comply, a leading provider of regulatory compliance software for financial institutions, has achieved ISO/IEC 27001 certification, signaling a significant step forward in its commitment to data security and governance. This globally respected standard for information security management systems (ISMS) validates that the company has implemented a comprehensive, independently audited framework to protect its clients' most sensitive data.
The certification comes at a time when financial institutions face unprecedented regulatory scrutiny and a relentless barrage of cyber threats. For the more than 5,000 firms that rely on Comply—ranging from registered investment advisors (RIAs) and broker-dealers to global investment banks—this achievement offers a powerful, third-party assurance that their data is handled according to the highest international security protocols.
A New Benchmark for Trust and Governance
ISO/IEC 27001 is widely regarded by regulators and enterprise risk teams as the definitive benchmark for operational security maturity. Achieving it requires more than just implementing security controls; it demands a holistic and systematic approach to managing information security risks. The certification validates that Comply has embedded robust security practices across its technology, cloud infrastructure, internal operations, and corporate governance.
“For our clients, trust is not aspirational, it’s foundational,” said Michael Stanton, Chief Executive Officer of Comply, in a statement. “ISO/IEC 27001 certification reflects the discipline, governance, and operational rigor compliance technology providers must meet to serve modern financial institutions. This milestone reinforces that Comply is built to operate at enterprise scale, in complex regulatory environments, where security and accountability are non-negotiable.”
The rigorous, independent audit was conducted by A-LIGN, a globally recognized cybersecurity compliance firm accredited by both the ANSI National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS). This dual accreditation underscores the audit's credibility and global acceptance, ensuring the certification meets stringent international standards.
“ISO/IEC 27001 certification is a strong signal that an organization has established mature, sustainable information security practices,” noted Steve Simmons, Chief Operating Officer at A-LIGN. “Comply demonstrated a clear commitment to security governance, risk management, and operational excellence throughout the certification process.”
Enhancing Transparency with a New Trust Center
To complement the certification, Comply has also launched its new Trust Center, a centralized portal designed to provide clients and prospects with real-time visibility into the company's security, privacy, and governance posture. This platform offers transparent access to a wealth of information, including compliance documentation, security controls, internal policies, and ongoing assurance materials.
This initiative directly addresses a growing need within the financial industry for streamlined vendor due diligence. Instead of relying on static, point-in-time security questionnaires, Comply’s clients can now access a dynamic, up-to-date repository of evidence demonstrating the company's security practices. This not only simplifies risk assessments but also fosters a deeper level of trust through continuous transparency.
“ISO/IEC 27001 certification reflects the day-to-day reality of how our security program operates,” explained Jeremy Trinka, Chief Information Security Officer at Comply. “It requires continuous risk assessment, formally governed controls, tested incident response, and disciplined vendor oversight. Our Trust Center extends that operational rigor to our clients, providing clear visibility into how we manage security and risk in practice.”
Navigating a High-Stakes Threat Landscape
Comply’s focus on verifiable security comes at a critical juncture for the financial sector. Industry data reveals that financial services firms are targeted by cyberattacks at a rate 300 times higher than other industries, with the average cost of a data breach exceeding $5.9 million. In this environment, the security posture of third-party technology vendors has become a paramount concern for financial institutions and their regulators.
Regulatory bodies like the U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have intensified their focus on cybersecurity. Recent SEC rules mandate timely disclosure of material cybersecurity incidents and detailed reporting on risk management strategies. While aimed at public companies, these regulations set a clear standard for the entire financial ecosystem, placing greater responsibility on firms to ensure their vendors meet stringent security requirements. The ISO 27001 framework provides a structured methodology for managing information security risks that directly aligns with these heightened regulatory expectations, covering everything from risk assessment and treatment to incident management and business continuity.
A Strategic Move for Enterprise Growth
Beyond being a defensive measure, the ISO 27001 certification is a key strategic asset that fuels Comply's growth and competitive positioning. In the crowded RegTech market, this certification serves as a powerful differentiator, particularly when courting large, enterprise-level clients who operate under the most demanding security and compliance mandates. It provides independent proof that Comply’s platform is not only technologically advanced but also operationally sound and built to enterprise scale.
This achievement builds on significant momentum for the company, which was recently named to the Inc. 5000 list of fastest-growing private companies and recognized as the RegTech of the Year at the 2025 U.S. FinTech Awards. Together, these milestones paint a picture of a company scaling rapidly while embedding the operational discipline required of a trusted partner in the financial services industry. For Comply's diverse client base, the certification provides tangible assurance that their most sensitive compliance, regulatory, and personal data is protected by a formally governed and continuously audited security program aligned with global best practices.
