Home → News & Resources → Client Success Stories
Paystack Journey Towards ISO/IEC 27001 & ISO/IEC 27701 Certifications
Paystack Journey Towards ISO/IEC 27001 & ISO/IEC 27701 Certifications
One of Paystack’s core values is “Insist on high standards” which reminds us that merchants trust us with their livelihoods. As such, we give this responsibility our absolute best. At Paystack, we seek to be the reliable industry experts that our merchants and partners can count on, especially in areas critical to their operations like privacy and security. By adhering to the rigorous ISO/IEC 27001 and ISO/IEC 27701 standards, we are not only able to maintain top-tier security and privacy practices but also champion these standards throughout the fintech ecosystem.
– Toulu Akerele (Global Data Protection Officer, ISMS Manager)
About Paystack
Paystack is a technology company that powers growth for incredible businesses in Africa. Over 200,000 organizations of all sizes – from startups to government agencies – use Paystack to collect online and in-person payments securely, and to provide a modern, delightful payment experience.
Founded in 2015 and launched in January 2016 by Shola Akinlade (CEO) and Ezra Olubi (CTO), Paystack was the first Nigerian company to be accepted into
Y Combinator, one of the most influential startup accelerators globally. Since then, the company has scaled to almost 200 employees and over $250 million in monthly transaction volume. Today Paystack is live in Nigeria, Ghana, Kenya, Côte d’Ivoire, and South Africa.
Over the long term, Paystack aims to ensure that all African businesses can go toe-to-toe with the best companies on the planet and win.
Why did you choose to get certified against ISO/IEC 27001 and ISO/IEC 27701?
Embarking on Paystack’s ISO certification journey, considering the sensitivity of data Paystack is responsible for from our merchants and partners, we took the strategic step to extend our existing ISO/IEC 27001 certification to include privacy management. As Paystack engages in more international partnerships, the importance of robust privacy and security practices becomes critical due to the increased storage, processing, and transfer of personal data. Given the maturity of Paystack’s privacy program and the existing Information Security Management System (ISMS), implementing a Privacy Information Management System (PIMS) was a strategic move to strengthen our already significant privacy and security measures and prevent data misuse.
Benefits of obtaining ISO/IEC 27001 and ISO/IEC 27701 certifications
Achieving certification in both standards confirms that Paystack’s security and privacy practices meet the highest global industry standards, which ensures the utmost protection and confidence in how we handle data.
Privacy regulations and data protection laws are constantly evolving. Certifying against the ISO/IEC 27701 standard guarantees that Paystack maintains a strong privacy posture, adapts to new privacy challenges, and continuously improves data protection practices following the ISO/IEC 27701 standard’s requirements. As such, Paystack can meet the legal and regulatory requirements in the markets that we operate in.
With ISO standards being a risk-based approach, our Management Systems ensure the early identification of any potential privacy or security risks and vulnerabilities within our data handling practices. Addressing these risks proactively helps reduce the likelihood of data breaches and associated reputational damage. The two standards (ISO/IEC 27701 and ISO/IEC 27001) complement each other and show a risk-based approach to privacy and security.
Holding both ISO/IEC 27001 and ISO/IEC 27701 certifications distinguishes Paystack from competitors and gives the company additional leverage when bidding on international or large-scale Requests For Proposals (RFPs). Based on the latest trends, customers will start asking for ISO/IEC 27701 certification, like they currently do with ISO/IEC 27001. It is already proving largely beneficial for Paystack to have a third-party attestation of the strength of our privacy program – particularly when the third party is an internationally accredited organization (MSECB) certifying us to an internationally recognized and standardized set of guidelines. Overall, it demonstrates Paystack’s commitment to consumer privacy, data protection, and ensuring the security of all information.
About your experience with MSECB
Our audit experience was seamless as our auditors were knowledgeable. We had insightful conversations with them on how we have implemented the standards. We were also able to learn from their experiences and discuss opportunities for improvement.
As always, we appreciate the thoroughness, diligence, and professionalism of the entire MSECB team and look forward to collaborating with them again during our next audit.
Other Testimonials
“We had a positive experience with MSECB. Our concerns were addressed in a friendly and timely manner, showcasing MSECB’s commitment to assisting organizations in achieving robust information security management systems.”