Amphora announces BSI certification to ISO/IEC 27001:2022

ISO/IEC 27001:2022 is an Information Security Management System (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

 The Amphora Information Security Management System is applicable to the provision of CTRM software products and associated services including the design, development, testing and release of commodity trading and risk management software as well as customer support, project services and public cloud hosting in accordance with the statement of applicability R 2.1 dated 2025-04-17.

 “It is with immense pride that we announce our BSI certification to ISO/IEC 27001:2022. This management system supports us in achieving our information security objectives including protecting the confidentiality, availability, and integrity of customer data” said Chief Executive Officer, Chris Mudry. “In addition, we expect to be able to safeguard our information assets, mitigate information security risks and build trust by embedding rigorous information security practices”.

David Mudd, Global Head of Digital Trust Assurance at BSI, said: “As core business practices become increasingly cloud-based and digitally reliant, it’s critical for organisations to stay alert to cyber threats, with a particular obligation on businesses providing such services. As a provider of cloud-based services in the key area of fintech and risk management, achieving certification to ISO/IEC 27001:2022, with a comprehensive scope covering the full life-cycle of their products, demonstrates that Amphora has taken necessary steps to protect the information assets of their customers as well their own.

“Amphora has ensured the organisations information security is in line with global best practice and accurately reflects any vulnerabilities. The company’s commitment to rigorous processes, continual improvement and the safeguarding of information assets demonstrates a proactive approach to data protection and risk mitigation.”

 For any company, the road to certification requires time and effort. Amphora began internal preparation for certification in 2024, by evaluating existing policies and procedures before advancing through rounds of internal audit, external stage 1 audit and external stage 2 audit at each of our global operating locations.

 Determined to sustain the commitment to operating a management system, Amphora has enrolled the full team in the objectives of Information Security, embedding the polices and procedures into our daily operations.

 In April and May 2025, BSI performed the mandatory certification audit. They then notified Amphora about the achievement of ISO/IEC 27001:2022 certification on June 20, 2025 and issued the certification of registration number IS 821031.