The mortgage repricing platform has officially attained data security protection certification.
Mortgage repricing platform Sherlok has attained ISO (the International Organisation for Standardisation) certification.
To continue reading the rest of this article, please log in.
Looking for more benefits? Become a Premium Member.
Create free account to get unlimited news articles and more!
Looking for more benefits? Become a Premium Member.
The organisation, which offers a client retention automation tool for mortgage brokers, revealed on Friday (20 October) that it had achieved ISO 27001 certification – an internationally recognised specification for an Information Security Management System.
The auditable standard deals with the overall management of information security, rather than just which technical controls to implement.
Sherlok said its certification was a demonstration of its “unwavering commitment to security and trust in the financial industry”.
Founder and chief executive Adam Grocke stated: “Obtaining ISO 27001 certification is a significant milestone for Sherlok. It signifies a new era of security and trust for both mortgage brokers and home owners.
“With this achievement, we demonstrate our unwavering commitment to safeguarding the interests of all parties involved, providing them with peace of mind.”
The organisation stated that the certification was “globally recognised as a symbol of excellence”.
The chief technology officer (CTO) of Sherlok, Nik Pinchuk, added: “ISO 27001 certification underscores our dedication to adhering to rigorous security standards and best practices in our technology.
“This achievement represents an important validation step in our data protection and risk mitigation maturity.”
With the ACCC (Australian Competition and Consumer Commission) estimating $3.1 billion was lost to scams in 2022 alone, the issue of data protection has been of increasing national importance.
Cyber security specialist firm DotSec recently told The Adviser that while a broker might be focused on the size of their trail as their business value, the true value of a business is the data within it.
The firm described a broker’s business as “a goldmine of information” with access to not only high-value information such as identification document numbers but also a range of personal information such as addresses and bank details.
Speaking to The Adviser earlier this month, director of DotSec, Tim Redhead, said coming back from a cyber attack is exceedingly costly, meaning prevention is better than trying to find a cure.
Mr Redhead stated: “Getting into the position where you have to decide whether or not you’re going to pay a ransom or take action means it is already too late. The horse has bolted. You want to avoid this happening in the first place.
“The three key things that are of value in a business are usually, in order, the business, the people that work in the business, and the data for which the business is responsible. If a computer is damaged, we tend to know the cost of replacing it and the cost of downtime. But fewer people consider the cost to the business of losing the data that is stolen or destroyed during a compromise.”
He mentioned that businesses needed to create an asset register, an understanding of all the things associated with the organisation and how it works – and then undertake a risk assessment and consider all the things that could go wrong and the consequences if they did go wrong.
“A successful cyber security outcome is more likely if the organisation first works to understand risk and then mitigate that risk using people, processes and (where needed) technology,” Mr Redhead added.
[Related: The true cost of a data breach]
JOIN THE DISCUSSION