MEXICO CITY / AGILITYPR.NEWS / April 21, 2025 / The globally recognized standard validates the maturity of an organization's security programs and has been awarded to fewer than 30 cryptocurrency companies

Bitso – the leading financial services company powered by crypto in Latin America – announced today that it has been awarded the ISO/IEC 27001:2022 certification, the leading global validation of information security held by fewer than 30 companies in the crypto sector.

Bitso's information security thus reaches a globally recognized level, with a certification that has been awarded to fewer than 50,000 organizations worldwide in its more than 10 years of existence.

"In the cryptocurrency industry, maintaining the highest security standards is paramount, as threats evolve daily and become increasingly sophisticated," stated Jeff Fostek, Bitso’s Chief Information Security Officer. "Bitso has consistently aimed to lead in fortifying its internal systems, ensuring regulatory compliance, and actively engaging within the ecosystem to foster a more secure and prosperous industry."

The ISO/IEC 27001:2022 standard is globally recognized for validating the maturity of an organization's security program. It features a rigorous assessment process that requires organizations to demonstrate effective security controls and information security risk management in four key areas:

• Organizational Controls: These are the policies, procedures, and responsibilities that Bitso implements to protect the organization and its customers.
• Physical Controls: These include elements such as locks, security cameras, and secure areas. These controls protect physical assets and prevent unauthorized access.
• Personnel Controls: These focus on the human factor and their training. It includes background checks for Bitsonauts and ensuring that everyone understands their security responsibilities.
• Technological Controls: These are digital defenses. They include elements such as firewalls, antivirus software, and computer and network access controls.

Organizations of all sectors and sizes, not just fintechs, use the ISO/IEC 27001:2022 standard to guide the development, implementation, maintenance, and continuous improvement of their information security management systems. In Bitso's case, all information security teams, but especially every Bitsonaut, have been key to achieving this level by following policies, reporting incidents, receiving training, and assuming their security responsibilities.

By obtaining and maintaining certifications aligned with global standards, Bitso demonstrates its ongoing commitment to quality and security, fostering the trust of customers, partners, and stakeholders. Its dedication to maintaining this trust, whether with ISO/IEC 27001:2022 or other certifications, stems from a deep concern for customers, even beyond regulatory mandates.

“Receiving the ISO/IEC 27001:2022 certification reinforces our commitment to accelerating the global adoption of cryptocurrencies,” Fostek said. “This achievement focuses on our customers, who entrust us with their assets, data, and future, and we demonstrate our commitment with concrete actions, not just words. Security is our responsibility, a duty we take personally.”

More information about information security at Bitso: https://bitso.com/mx/safety