Service Provider and Legal Hold Software User
The company worked with Penta to host a secure collaborative environment for legal hold in compliance with local data jurisdiction requirements.
Read More
FINMA doesn't certify your IT. Instead, it supervises outcomes and expects you to prove your controls work and keep the evidence current. The bar keeps rising: cyber attacks are now a constant, and more of them arrive through suppliers and shared service providers, putting how you run your IT firmly in scope. Whatever your size, these expectations cluster into six areas:
ICT risk management
Cyber risk management
Critical data and access
Outsourcing and the cloud
Operational resilience
Incident reporting
Download Penta’s FINMA IT compliance guide for the specifics: every current FINMA expectation mapped to a control objective, a configuration and the evidence an audit will ask for, across Microsoft 365, managed private cloud and infrastructure as a service. It is written by our IT governance team and updated every year as FINMA’s expectations change.
Penta has helped financial-sector clients meet FINMA’s expectations since 1996. We work from two global financial centres, Geneva and Dubai’s DIFC, and run our own secure data centres. We build IT to pass a FINMA review rather than reshaping it to fit one after the fact.
When Penta runs part of your stack, you don’t just get managed IT. You inherit independently audited assurance you can hand straight to your auditor and to FINMA. Penta provides clients a yearly ISAE 3402 Type 2 report on its infrastructure and processes, holds an ISAE 3000 assurance report mapped to FINMA’s outsourcing expectations, is moving to SOC 2 Type 2, and is certified to ISO/IEC 27001:2022. The duty stays yours; the evidence for the outsourced part comes ready-made.
Ready to talk? The Penta team spans two countries, covering Europe and the Middle East in multiple languages. From a single outsourced application to the most complex private cloud, there’s a solution for you.
The best way to understand Penta is through the clients we work with. These are their stories: the challenge they faced, the thinking we brought to it, and where they landed. Different sectors, different problems, one consistent standard of work.