Data security compliance is a significant overhead for any financial services firm. While you are trying to focus on your business, you
need to keep one eye on ever-changing regulations. Critical information security and compliance outsourcing arrangements with third parties must be
conducted with careful oversight and contingency.

Maintaining financial services information security isn't just about protecting your business. It’s a key part of your data security compliance obligations.
Working with a third-party supplier who has poor security standards could open your organisation to new threats.

With Lanware’s approach to Information Security & Compliance, you can outsource your IT compliance with confidence, using compliant
services that will lower your risks - not increase them.

Information Security

Working exclusively with FCA-regulated clients, Lanware puts ISO data security in the spotlight.

Every service we provide, every partner we select, and every colleague that joins our team
– they’re all linked by a focus on information security.

An independently assessed security system

Our Information Security Management System (ISMS) is audited by the British Standards Institute (BSI) and certified
to the ISO 27001 standard – an internationally recognised best practice management standard for information
security. Only one in every 2,500 UK private sector businesses have achieved such a high standard.

The key principles of the ISMS are:


The context with which we operate, including internal and external factors and relationships with third parties.


The active role of leadership, with accountability for information security and the Managing Director having overall responsibility.

Risk Management

The 114 security controls that protect the confidentiality, integrity, and availability of information.

Employee Awareness

How employees are trained and tested in information security.

Business Continuity

The continuity and contingency plans that ensure security in the event of a disaster.


How we monitor, measure, and evaluate our security to ensure it meets the appropriate standards.


The continual improvement of the suitability, adequacy, and effectiveness of the ISMS – a core principle of ISO27001.

Fully compliant with ISO27001 controls
Lanware’s ISMS is audited for compliance with 114 controls across 14 areas, including:

  • Information Security Policy
  • Organisation of Information Security
  • Human Resources Security
  • Asset Management
  • Access Control
  • Cryptography
  • Physical and Environmental Security
  • Operations Security
  • Communications Security
  • System Acquisition, Development and Maintenance
  • Supplier Relationships
  • Information Security Incident Management
  • Business Continuity
  • Compliance

Security and compliance at every level
With Lanware, every aspect of your infrastructure is hosted in an enterprise-grade datacentre. There, it is managed and monitored by experts in information security, under an ISO 27001 certified Information Security Management System (ISMS).


Your cloud-based infrastructure is located in a redundant, highly available, and highly secure datacentre from Level 3 Communications.


Users can access their secure desktop from anywhere, allowing them to work flexibly.


Every application is patched to protect against latest vulnerabilities, managed and controlled in a single centralised instance.

Backups & Disaster Recovery

Data is replicated at distinct geographic locations, avoiding the risk of complete loss in the event of a local data disaster.

All managed on your behalf and monitored around the clock.


At Lanware, we know how important it is to remain compliant with regulations – even when you outsource aspects of your technology. That’s why we’ve focused on the financial services sector, and developed services to meet FCA regulation on critical outsourcing arrangements. So you can remain in control and in line with your compliance obligations.

"Thanks to Lanware's focus on the financial sector, the service is designed to operate within FCA regulatory guidelines on outsourcing arrangements. There are robust disaster recovery capabilities, we have full confidence in our security management, audit processes and have an exit plan in place"

Susan Cave, Project Manager
Aerion Fund Management

Supporting your compliance requirements

To ensure you remain compliant, our workflow and reporting is based on
complete transparency and unrivalled visibility.

Assessing Ability
We provide the tools you need to assess our performance in delivering your services, in both a technical and financial sense.

We also give you full oversight of our risk management systems, and how we could deal with emergencies or disasters.

Robust Agreement
Our extensive agreement gives you everything from clearly-defined service levels to confidentiality assurances, clear asset ownership, and a comprehensive exit plan.

The agreement also gives you our commitment to work with the regulator in reviewing any outsourced activities.

Complete Auditing
We record every activity associated with your account, your services, or your data.

As a result, you’ll get a complete audit trail, with provisions in place to help you satisfy internal and external audits.

So you can outsource to a
partner with policies that meet
– and often exceed –
compliance standards
including FCA,
Sarbanes-Oxley, and the PCI.