ecrop aligns its Information Security Management System (ISMS) with internationally recognized standards like ISO 27001, FATF (Financial Action Task Force) recommendations, and NIST Cybersecurity Framework. This section explains these standards’ significance for ecrop and its customers and describes standards implementation and compliance at ecrop.

ISO 27001: Foundation for Information Security

ISO/IEC 27001 is the international leading standard for Information Security Management Systems (ISMS). It defines requirements for ISMS establishment, implementation, monitoring, continuous improvement, and certification. The standard is based on a risk-based approach and requires companies to systematically identify, assess, and treat information security risks.
  • Significance for ecrop: ISO 27001 certification demonstrates ecrop’s commitment to information security and customer data/asset protection. It provides a solid ISMS foundation and ensures compliance with highest security standards, such as data confidentiality, integrity, and availability. Certification also confirms ecrop has effective risk management and systematically controls information security risks. Link to ISO 27001 Certification
  • Implementation at ecrop: ecrop has implemented and certified an ISMS according to ISO 27001. The ISMS covers all relevant information security areas, from risk assessment and management through access control, encryption, secure software development, and secure IT system operation to incident management and emergency planning. The ISMS is regularly reviewed and adapted to changing requirements.
  • Customer Benefits: ecrop’s ISO 27001 certification assures customers their data and assets are protected to highest security standards. It strengthens trust in the ecrop platform, offered services, and regulatory compliance.

FATF Recommendations: Global Anti-Money Laundering Standards

FATF (Financial Action Task Force) is an intergovernmental organization dedicated to combating money laundering, terrorist financing, and proliferation financing. FATF recommendations are internationally recognized AML standards, regularly updated to address changing money laundering and terrorist financing risks and methods.
  • Relevance for ecrop and Customers: As a financial services institution in crypto, ecrop must implement FATF recommendations. This particularly concerns customer identification (KYC), transaction monitoring, suspicious transaction reporting, and risk-based customer and transaction assessment. ecrop customers issuing crypto securities through the white-label platform must also consider FATF recommendations in their processes, particularly regarding due diligence toward investors.
  • Implementation at ecrop: ecrop has implemented a robust AML system complying with FATF recommendations. This includes strict KYC processes, automated transaction monitoring system, and clear suspicious transaction reporting process.
  • Financial System Integrity Benefits: ecrop’s FATF recommendation compliance contributes to financial system integrity and minimizes money laundering and terrorist financing risk in crypto.

NIST Cybersecurity Framework: Cybersecurity Best Practices

The NIST Cybersecurity Framework is a cybersecurity risk management framework developed by the U.S. National Institute of Standards and Technology (NIST). It offers a flexible, risk-based approach to improving cyber resilience.
  • ISO 27001 Complement: The NIST Cybersecurity Framework complements ISO 27001 and provides additional best practices and guidelines for effective ISMS implementation. It helps companies identify, assess, control, and monitor cybersecurity risks.
  • Implementation at ecrop: ecrop uses the NIST Cybersecurity Framework as complementary framework for its cybersecurity strategy. It supports ecrop in prioritizing security measures and continuous ISMS improvement.
  • Customer Benefits: ecrop’s use of NIST Cybersecurity Framework strengthens platform cyber resilience and increases customer data and asset security.