Best Practices for Fintechs Managing IT Security Risks: Availability is non-negotiable

24 January 2019

Sam Khoury, Partner and National Financial Services Leader at BDO Canada LLP, writes a series of blogs exploring the best practices for fintechs managing security risks. In part 2 of his series, Sam talks about availability, specifically making sure information and systems are available for operation and use to meet your company's objectives.


Securing a service-level agreement (SLA) can save companies money over the long term, considering the cost of a service disruption or security breach. A "robust" SLA will include a definition of roles, a definition of stakeholders, a detailed description of service deliverables, Key Performance Indicators (KPIs) and change-management procedures.

Compliance reports

Outsourcing partners should also be able to provide a fintech with compliance reports. However, Sam recommends that fintechs still maintain their own, because they control the software. Any breaches resulting from poor access controls or an ill-fated change-management approach would fall back on the fintech.

Disaster recovery plans

A good disaster recovery plan is for the business's own peace of mind as well as that of its clients. For example, a company might maintain a full dual site that has been tested to ensure it backs up and remains available if one of the two sites goes down.


Article adapted from BDO Global.