IT compliance auditing pre-bundled for regulators
Penta’s entire infrastructure is audited yearly by EY (Ernst & Young) to international standards. The audits meet all major financial regulators’ IT compliance requirements, and are available to every client for compliance needs and peace of mind.
The International Standard on Assurance Engagements (ISAE) 3402 audit is an internationally recognized auditing standard, the equivalent of SAS 70, CICA 5970, AAF and other national standards.
Penta’s ISAE 3402 Type II audits cover activities against 17 control points over a period of 12 months. Audits are performed by reputable auditing firms, most recently by EY (Ernst & Young).
Built for financial services
IT auditing for regulatory compliance is completely taken care of. One less thing to worry about.
Independent compliance auditor
Penta's entire infrastructure and methodologies are audited by third-party independent auditors every year.
The auditor is always one of the Big Four auditing companies and is changed regularly to ensure independence.
The latest audits were performed by EY (Ernst & Young).
Auditing and audit report
Penta takes care of the whole auditing process:
- Sourcing the requirements from the financial regulator
- Interpreting and defining the auditing requirements
- Commissioning and producing the independent auditor's report
The financial regulator and you
You simply hand over the ready-packaged auditor's report to your financial regulator knowing that all the IT requirements for your industry have been met, with no hassle and at no extra cost.
Data access is by secure dedicated fiber optic connections between offices and the data centers. Remote connectivity from outside the offices is secured with multi-factor strong authentication over Virtual Private Network (VPN).
All client data is stored securely in jurisdictions recognized for their data protection legislation. Data-At-Rest, Data-In-Use and Data-In-Motion are encrypted with AES 256 algorithms according to the FIPS 140-2 standard.
All data and infrastructure are backed up daily to an off-site location for all Penta clients. In addition, full business continuity and disaster recovery services are available up to RPO-zero and RTO-12 configurations.
Emails are kept for at least five years or according to regulatory compliance requirements. Telephone conversations are recorded automatically or on-demand. Automatic email archiving and backup ensure that nothing is lost.