ISAE3402 Certification (formerly SAS 70) Type II

In December 2010, PKO BP Finat sp. z o.o. was granted a certificate of compliance with the international standard SAS 70 Type II.

The SAS 70 Type II Report elaborated by the Company received a positive opinion of the auditor and constitutes an official confirmation of the effectiveness of control mechanisms used in the Company during the audited period.

In 2011, the SAS 70 Type II Report was replaced with ISAE3402 standard introduced by the International Auditing and Assurance Standards Board, which is part of the International Federation of Accountants.

In February 2023, control mechanisms of the company were examined in terms of the correctness of their design and the operational effectiveness of implemented controls on the basis of the ISAE3402 standard. The examination resulted in obtaining a positive auditor's opinion on the ISAE3402 Type II Report elaborated by PKO BP Finat.


Information Security Management System Certification

In June 2008, Finat received a Certificate in Information Security Management System which complies with the requirements of ISO/IEC 27001:2005 to the following extent: pension funds services, investment funds services, IT, mailing, call centre, scanning and archiving services. Since then, the Company is subject to annual surveillance audits and, once every 3 years, to audits aimed to renew the certificate. The audits verify the operation and maintenance of the Information Security System in accordance with the requirements of the ISO27001: 2005 standard and with the scope of the granted certificate. All audits conducted since 2008 confirmed that the Company has been meeting the requirements of the aforementioned standard.

The last audit aimed at renewing the certificate took place in March 2023. As a result, PKO Finat received the ISO/EC 27001:2013 and also ISO/IEC 27017, ISO/IEC  27018 (cloud services).