Comply, a provider of regulatory compliance software and consulting for financial institutions, has secured ISO/IEC 27001 certification, marking a milestone in its information security and governance posture.
The certification is designed to validate that the company has implemented and operates a formal information security management system (ISMS) to protect the confidentiality, integrity, and availability of client data. Comply said the audited framework is embedded across its technology, cloud infrastructure, internal operations, and governance, positioning security as an ongoing operational discipline rather than a one-off compliance exercise.
ISO/IEC 27001 is widely recognised by financial institutions, regulators, and enterprise risk teams as an indicator of security maturity, requiring organisations to demonstrate structured risk assessment, formalised controls, executive accountability, continuous monitoring, and ongoing improvement. Comply framed the achievement as closely aligned with the expectations its own customers face as regulated firms.
Comply CEO Michael Stanton said, “For our clients, trust is not aspirational, it’s foundational,” and added, “ISO/IEC 27001 certification reflects the discipline, governance, and operational rigor compliance technology providers must meet to serve modern financial institutions. This milestone reinforces that Comply is built to operate at enterprise scale, in complex regulatory environments, where security and accountability are non-negotiable.”
Alongside the certification, Comply has launched a Trust Center intended to give clients and prospective customers centralised, real-time visibility into its security, privacy, and governance position. The company said the portal provides access to compliance documentation, security controls, policies, certifications, and ongoing assurance materials, with the aim of extending transparency beyond point-in-time audits.
Comply chief information security officer Jeremy Trinka said, “ISO/IEC 27001 certification reflects the day-to-day reality of how our security program operates,” and added, “It requires continuous risk assessment, formally governed controls, tested incident response, and disciplined vendor oversight. Our Trust Center extends that operational rigor to our clients, providing clear visibility into how we manage security and risk in practice.”
The independent audit was conducted by A-LIGN, which Comply described as a global cybersecurity compliance firm trusted by more than 4,000 organisations. A-LIGN is accredited by the ANSI National Accreditation Board and the United Kingdom Accreditation Service to certify organisations against ISO/IEC 27001. A-LIGN chief operating officer Steve Simmons said, “ISO/IEC 27001 certification is a strong signal that an organization has established mature, sustainable information security practices,” adding, “Comply demonstrated a clear commitment to security governance, risk management, and operational excellence throughout the certification process.”
Comply said the certification provides independent assurance to its customer base—spanning RIAs, broker-dealers, private funds, and global financial institutions—that sensitive compliance, regulatory, and personal data is protected through formally governed, continuously audited controls aligned with global best practices. The company also pointed to recent momentum, including inclusion on the Inc. 5000 Fastest-Growing Private Companies list and recognition as RegTech of the Year at the 2025 U.S. FinTech Awards, as evidence it can scale while maintaining operational discipline.
Copyright © 2026 RegTech Analyst