Back to blog posts

Pinwheel obtains highest security certification in the industry

Pinwheel Team

June 7, 2022

Download case study
Share On:

Since Pinwheel’s inception, the company has recognized that to build long-lasting solutions that truly benefit consumers and create a fairer financial system, security and compliance must be a top consideration.

Pinwheel continues its steadfast commitment to setting the industry’s standard for consumer-permissioned access to payroll data by attaining the ISO/IEC 27001:2013 certification. Pinwheel’s Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization.

What Pinwheel's ISO 27001 certification means

This certification demonstrates Pinwheel's dedication to the security and privacy of our customers' information and bolsters Pinwheel’s SOC 2 Type 2 compliance. Additionally, Pinwheel is a Consumer Reporting Agency (CRA) and remains the only provider in the space offering Fair Credit Reporting Act (FCRA)-compliant income and employment data.

ISO/IEC 27001:2013 is an information security management system standard published in October 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

A-LIGN, an independent, third-party auditor, found Pinwheel to have technical controls in place and formalized IT Security policies and procedures. A-LIGN is an ISO / IEC 27001 certification body accredited by the ANSI National Accreditation Board (ANAB) to perform ISMS 27001 certifications. Pinwheel has implemented several security measures and countermeasures that protect it from unauthorized access or compromise and IT personnel were found to be conscientious and knowledgeable in best practices.

“As the market-leading income layer for financial services our platform currently covers more than 100 million US-based employed people, and it’s imperative that our security strategy incorporates every measure possible to protect our customers and their end-users,” said Jeff Hudesman, Chief Information Security Officer, of Pinwheel “By conducting independent and impartial assessments of our security controls, we feel confident of our robust security posture.”