Continuous commitment across all stakeholders

The engagement of each and every stakeholder is crucial. Therefore, we share our guidelines below and urge all interested parties to follow them.

ebankIT Guidelines
ebankIT Code of Ethics and Business Conduct
ebankIT Anti-Money Laundering Policy
ebankIT Privacy Notice
Prevention Plan Risks Corruption and Related Infractions
Annual Report on Prevention of Corruption and Related Infractions

ebankIT guidelines and policies


The Information Security Management System is certified by ISO/IEC 27001:2013 within the scope of “Information security in the support cycle of software development”. It preserves the confidentiality, integrity and availability of information by applying a risk management process, giving stakeholders confidence that risks are managed properly.

ebankIT Platform - CMMI Development V2.0 (CMMI-DEV) without SAM - Maturity Level 2

ebankIT is appraised at CMMI V2.0 Level 2. The Capability Maturity Model Integration (CMMI) is a process optimization model that provides organizations with the essential elements to efficiently manage software development projects.


ebankIT produces a SOC 2 report that describes the service organization’s system and tests the design of the relevant controls in place to secure the service provided. Currently, ebankIT has a SOC 2 Type II report dated as of 31 December 2022.

Security and privacy are top priorities

The ebankIT platform is developed as an infrastructure that is continuously assessed to guarantee compliance with all applicable laws and regulations, applying financial industry standards and best practices assured by internal controls and external certification bodies.


Privacy and data protection

ebankIT implemented a Privacy Program to ensure all data entrusted to us is processed in accordance with the General Data Protection Regulation. ebankIT ensures that all our workflows are audited through data security and privacy assessments of potential risks and vulnerabilities. ebankIT also carries out vendor risk assessments, working only with partners and third parties that ensure GDPR compliance.


Data Security

ebankIT embeds security protocols in all stages of the software development lifecycle and infrastructure. This includes a set of internal control activities such as control environment, risk management and monitoring, logical and physical access controls, alerts and incident management, and recovery plans.

Risk assessment

ebankIT identifies and treats relevant risks to achieve its objectives at different levels.

Data loss prevention

ebankIT uses a Data Loss Prevention service to avoid data leaks.

Data transfer

ebankIT sends information through SFTP channels, VPNs, and zip-encrypted information when risks are identified.

Logical and physical access controls

Logical and physical access controls are in place to avoid unauthorized access to confidential information.

Anonymized test data

ebankIT uses anonymized test data to ensure the full functionality of clients' software and protect their data confidentiality.

Penetration tests

ebankIT annually requests an independent entity to identify and analyse vulnerabilities in ebankIT's infrastructure and systems.

Control activities

Control policies and procedures are established and executed to ensure that the actions identified by management as necessary to address risks are effectively carried out.

Monitoring and change management

ebankIT processes are monitored, and modifications are made as necessary. In this way, the system can react dynamically, changing as conditions warrant. Changes to the organization, business processes, assets, information processing facilities and systems that affect information security are registered and controlled according to the change management policy.

Incident management and recovery plans

A Business Continuity and Disaster Recovery Plan has been defined and is periodically tested. It defines the main risks and the mitigation measures to be taken in case of failure. It establishes what the company must do if normal business activities cannot be carried out due to a disruption, such as the loss of technology, facilities, or a large proportion of employees.