Mobile wallet GCash said it became the first Philippine fintech to achieve ISO certifications for two globally recognized standards for information security management and privacy information management systems: ISO/IEC 27001 and ISO/IEC 27701.
GCash said it is the first fintech company in the Philippines to receive both certifications simultaneously, following a comprehensive and independent audit by the British Standards Institution (BSI), a business improvement and standards organization that partners with more than 84,000 clients globally across multiple industry sectors.
The certifications affirm that the information security and privacy management systems of GCash met international standards and best practices, which have been vetted by a third-party auditor, establishing transparency and building trust in the country’s largest cashless ecosystem.
“These ISO certifications are external validations of our internal belief that we must always operate with the highest integrity and discipline by integrating security and privacy into every aspect of our operations and innovations,” said GCash chief technology and operations officer Pebbles Sy.
BSI country managing director Ava Taniajura said the certifications have equipped GCash with a significant advantage in safeguarding against potential threats.
“GCash has implemented comprehensive systems and controls to ensure the utmost security and confidentiality of its users’ personal information,” said Taniajura.
GCash chief information security officer Miguel Geronilla said staying ahead of threats and strengthening defenses is essential to protecting customers and enabling innovation with confidence.
“We have invested heavily in building a digital environment that prioritizes safety. These certifications are not just milestones but also a reflection of our commitment to protecting the trust that our millions of users have placed in us,” Geronilla said.
The ISO/IEC 27001 certification validates the systematic approach of GCash in managing sensitive information. The complementary ISO/IEC 27701 standard focuses on how personal data is collected, stored, and processed following global and local privacy laws, including the Philippine Data Privacy Act and the EU’s General Data Protection Regulation (GDPR).
“The reality is that financial services are now frontlines in the battle for data protection,” said GCash vice president and group data protection officer Rob Real.
“Our approach combines legal compliance with technology-enabled governance to stay ahead of increasingly complex threats,” said Real.
GCash is the first Philippine-based fintech company to receive dual certifications in ISO/IEC 27001 and ISO/IEC 27701 as of the certification dates.







