Cyber security
“In today’s digital world, we recognise that cyber security is an important consideration when choosing a wealth management partner. Cyber security isn't just a top priority at Formue, it's our promise. Safeguarding customer information and digital assets is as critical to us as it is to you. Your trust is our greatest asset, and we can assure you that Formue management and the Board are committed to protecting it with the highest standards of cyber security” – Christian Dahl, CEO.
Our dedicated information security department is led by the Chief Information Security Officer, who is responsible for Formue’s security program and strategy. Formue has made significant investments in competent employees and leading cyber security systems to ensure effective protection of customer information and digital assets.
Security is integrated into all business processes and day-to-day operations. The following measures are in place to protect customer information and digital assets during processing, transmission, and storage: two-factor authentication, strict password requirements, access management, data encryption, secure data storage, secure document handling, device and network protection, secure development practices, AI-based email security to guard against sophisticated phishing attacks, backup and recovery testing, and business continuity and disaster recovery planning.
Our external managed Security Operations Center (SOC) utilises specialised expertise to provide 24/7 security alert monitoring, threat detection, and incident response.
We continuously monitor developments in the cyber threat landscape to stay ahead of new vulnerabilities and threats.
Risk management is the foundation of Formue’s security program. Our security team continuously assesses and mitigates potential risks within our operations, strengthening our security measures to ensure that systems, data, and processes remain protected. By anticipating new threats and implementing strong security controls, we maintain a secure and resilient environment for customer information and digital assets.
Our extensive cyber security training and awareness program ensures that employees consistently follow our processes for protecting customer information. Phishing tests are conducted regularly, as well as annual security training and a security culture survey to identify areas of strength and improvement. Continuous awareness has fostered a security culture that enables our employees to consider security in their daily work and identify and report security weaknesses as quickly as possible.
The suppliers we work with are assessed from a security and privacy perspective to ensure they meet our security requirements and GDPR requirements, minimising potential third-party risks.
Formue complies with international standards such as ISO 27001 and the NIST Cybersecurity Framework, as well as applicable laws and regulations in the countries where we operate, including financial license requirements, GDPR, and DORA. These frameworks ensure we meet the highest security and privacy benchmarks.
Formue undergoes annual security audits conducted by independent specialists to ensure our security processes are continuously improving and remain effective against new cyber security threats. This includes tests that simulate cyber-attacks to identify and address potential weaknesses.
Building trust with ISO 27001 certification
“Telling customers ‘Your information is safe with us’ is no longer enough. Data breaches are increasing in the Nordics; we see more frequent reports of this in the media. To build trust, a greater level of assurance is needed. As part of Formue’s commitment to protecting customer information and digital assets, we’ve aligned our security controls to the highest standards and achieved ISO27001 certification.”
- Dayne Skolmen (CISO)