Crowdpear becomes the first crowdfunding platform in Lithuania to receive the ISO/IEC 27001:2022 certification
Crowdpear has officially received the ISO/IEC 27001:2022 certificate — becoming the first crowdfunding platform in Lithuania to achieve compliance with the world’s leading standard for Information Security Management Systems (ISMS).
The audit was carried out by the accredited certification body Baltum Bureau, following an extensive review of Crowdpear’s security processes, controls, and documentation.
“Financial services and IT security are inseparable, which is why strong information security management has always been a priority for Crowdpear. Achieving ISO/IEC 27001:2022 is not a final result but a continuous process. This certification confirms the maturity of our current controls, and we will keep improving, strengthening, and maintaining information security to ensure long-term resilience” – says Arūnas Lekavičius, one of the Crowdpear shareholders responsible for business development.

What ISO/IEC 27001:2022 means for business
ISO/IEC 27001:2022 provides Crowdpear with a formal, structured Information Security Management System. Risks are identified and treated using a clear methodology, supported by mapped policies, processes, roles, and controls, including the standard’s updated focus areas such as supplier management, secure development, and incident response. For the platform, this means fewer incidents and outages, stronger alignment with EU and Lithuanian regulatory expectations, more predictable team operations, and solid evidence for inspections and audits.
For the platform's clients, the certification increases confidence that their funds and personal data are protected and provides independent proof that the platform manages risks according to an internationally recognized security standard. This simplifies due diligence for corporate partners, reduces the likelihood of losses related to breaches or downtime, and positions Crowdpear as a more reliable and trustworthy choice within the crowdfunding and FinTech market.
Additionally, Crowdpear undergoes regular annual penetration testing performed by independent specialists, further validating the effectiveness of its security controls and the resilience of the platform.
Alignment with DORA (Digital Operational Resilience Act)
ISO/IEC 27001:2022 reinforces Crowdpear’s compliance with key EU regulations and supports the company’s ongoing investment in security and operational resilience.
Crowdpear has a dedicated ICT security specialist and clearly assigned responsibilities across the three-lines-of-defense model, supported by established processes that ensure structured ICT risk management; incident classification and reporting; asset inventory and configuration control; business continuity readiness; centralized logging and continuous monitoring; and robust supplier and third-party ICT risk oversight.
The company continues to strengthen operational resilience and enhance internal capabilities in line with DORA requirements.
Support for GDPR (General Data Protection Regulation)
Crowdpear’s GDPR compliance is supported by a formal privacy management framework and by experts responsible for data protection. ISO 27001 strengthens key GDPR areas such as data protection policies and documented procedures; risk assessments and privacy-by-design principles; access control and secure processing of personal data; logging, monitoring, and audit trails for accountability; supplier and data processor risk management; and incident response, including personal data breach handling.
Crowdpear continues to invest in data protection capabilities and strives to further enhance security and privacy controls in line with evolving GDPR expectations.