Trust & Security

Expert in IT security and compliance

Due to our roots in finance, tax, and FinTech, adorsys specializes in regulatory IT compliance, including COBIT, with a strong focus on IT security aligned with ISO 27001, NIS2, DORA, PCI-DSS, and ITIL. Committed to agile principles, we avoid over-engineering and unnecessary documentation ("shelf-ware").

Benefits

High and reproducible quality is the key to adorsys

As a software engineering and consulting professional services company, we run a never-ending series of customer projects. Customers and projects are varied, diverse and colorful – this is the essence of, and the motivation for, working in a supply-side company.

Good principles and practices, do’s and don’ts, generic processes, reusable processes, knowledge assets, etc., however, are quite stable and should be continuously matured and improved with each project iteration.

This describes the common concept of a Quality Management System (QMS) that we apply to our end-to-end core process “Customer Engagement Lifecycle” and all its supporting and enabling processes (ISO 9001:2015 certified since 2022).

For our customers, this means:

  • We continuously monitor and improve our teams, processes and artifacts (e.g. customer feedback, lessons-learned workshops and compiled measures).
  • We carefully analyze, clarify and document your expectations and requirements and reflect them in our proposal, project and team setup.
  • Our delivery teams and processes are trained, supported, coached and monitored by our project delivery experts and our central and shared Project Management Office (PMO).
  • We are accustomed to executing and documenting our project plans, solution architectures, development processes, epics, stories, sprints, requirements, test cases, etc. according to best practices or standards (e.g. arc42, IREB, ISTQB, Scrum, SAFe).
  • If we discover or suspect quality or delivery problems, we will address the issues immediately and transparently.
  • We are able and trained to manage and ensure delivery quality and efficiency for multi-party projects with subcontractors onshore, nearshore or offshore.
  • All of our processes, tools and resources are designed to work “remotely”, embracing and enabling distributed teams, but taking into account the need for interpersonal trust, proximity, reliability, communication and team building.

Compliance

COBIT as the governance, risk and compliance model for our organization

To ensure compliance with regulatory requirements such as KWG 25b (German Banking Act, outsourcing of activities and processes), BAIT (Banking Supervisory Requirements for IT) or VAIT (Insurance Supervisory Requirements for IT) in our common project areas, we have established a governance, risk and compliance framework and organizational model that is specifically tailored to the needs of our company and business model.

This means that we actively operate, monitor, and improve the following governance and management elements, consisting of guidelines (“principles”), policies, processes, roles, concepts, checklists and other organizational definitions – while keeping everything as light and practical as possible:

  • Process and Quality Management System
  • Risk Management and Internal Control System
  • Information Security Management System
  • Business Continuity Management System
  • Data Protection Management System (GDPR / DSGVO)
  • Additional policies for e.g. ESG, Projects & Delivery, Architecture, Research & Innovation
  • Corporate strategy
  • Mission and values
  • Employee code of conduct

White Paper

Financial grade API (FAPI) – the new high-security specification for data schemas, security and privacy protocols

Through Open Banking, banks and other financial companies are giving third parties open access to their APIs – and enabling access to their customers’ personal and financial data.

The goal is to make financial services faster and more convenient for customers. It goes without saying that these APIs must be secured and protected from attack. The financial sector has always been a prime target for cybercriminals, and public interfaces offer even more opportunities for attack.
