Finspo now uses Jira to maintain HIPAA compliance and build trust with their users
See how Quirk helped them get there
Quick Facts
- Industry: Financial Technology (Fintech)
- Challenge: Non-compliant work tracking systems blocking ISO-27001 certification
- Solution: ISO-27001 compliant Atlassian suite with Azure AD integration
- Outcome: Achieved ISO-27001 certification and CDR accreditation readiness
Executive Summary
Finspo, an innovative Australian fintech company, needed to transform their work management approach to meet stringent regulatory requirements for open banking. With their existing tools falling short of ISO-27001 standards, they required a secure, traceable system that would support their journey toward Consumer Data Right (CDR) accreditation. Quirk implemented a comprehensive Atlassian suite that not only met compliance requirements but also enhanced operational efficiency through secure, streamlined workflows.
The Challenge: Breaking Free from Non-Compliant Systems
Initial State
When Finspo approached Quirk, they faced significant security and compliance challenges in their work management practices. Their existing setup relied on a basic Trello implementation that lacked essential security controls, making it inadequate for a growing fintech operation. Work management processes provided limited traceability, creating potential compliance risks and audit concerns.
The absence of compliant workflows was particularly problematic as it directly hindered their pursuit of ISO-27001 certification. Security processes were largely manual, increasing operational risk and consuming valuable team time. Adding to these concerns, their insufficient access controls for sensitive operations put them at odds with financial services regulatory requirements.
Transformation Goals
With their sights set on growth, Finspo established clear transformation goals. Achieving ISO-27001 certification was paramount, as was establishing readiness for Consumer Data Right (CDR) accreditation. They needed to implement secure, traceable workflows that would satisfy regulatory requirements while establishing robust access controls across their operations. Crucially, they needed to accomplish all of this while maintaining operational efficiency – ensuring compliance couldn’t come at the cost of agility.
Our Approach: Engineering Trust Through Technology
Discovery Phase
Our partnership with Finspo began with a comprehensive compliance assessment phase. We conducted a detailed analysis of their existing practices against ISO-27001 requirements, identifying specific gaps that needed to be addressed. Working closely with their security team, we mapped out how security control requirements could be effectively embedded within their work management processes.
A critical part of this initial phase involved identifying integration points with Finspo’s existing security infrastructure to ensure a cohesive security posture. Through extensive stakeholder engagement, we documented both regulatory requirements and compliance objectives, creating a clear roadmap for certification readiness.
Solution Design
With this thorough understanding established, we moved into solution design. At the core of our approach was architecting a secure Atlassian environment that would meet Finspo’s stringent security needs. We designed workflows that not only supported efficient operations but also satisfied ISO-27001 compliance requirements. The integration with Azure AD was carefully planned to provide robust access control, while our comprehensive security control framework ensured all regulatory requirements would be met.
Implementation: Architecting a Compliant Foundation
Rolling out Finspo’s secure work management solution required meticulous attention to both technology selection and process design.
Technology Stack
We built the solution around a carefully selected suite of security-focused tools. Jira provided the foundation for secure work tracking, ensuring every task and change was properly logged and traceable. Confluence was implemented for documentation management, creating a secure repository for policies, procedures and compliance records. For source code management, Bitbucket provided a secure repository with comprehensive audit capabilities. The solution was anchored by Azure AD for robust identity management, with SSO enabling unified and secure access control across all platforms.
Process Transformation
The technology implementation was matched with comprehensive process changes designed to embed security at every level. We implemented secure end-to-end workflows that maintained compliance without compromising efficiency. New audit-ready tracking systems were established, ensuring every action could be traced and verified as needed.
Code management processes were redesigned with compliance in mind, implementing proper controls and reviews while maintaining development velocity. Throughout all systems, we integrated security controls that provided protection while remaining transparent to users, ensuring security enhanced rather than hindered productivity.
Results: From Security Risk to Industry Standard
The transformation of Finspo’s work management environment delivered significant achievements across compliance, operations, and business outcomes.
Compliance Achievements
From a compliance perspective, the results were substantial. Finspo successfully achieved their ISO-27001 certification, a critical milestone in their growth journey. The new system significantly enhanced their readiness for CDR accreditation while ensuring alignment with AFSL and ACL compliance requirements. The comprehensive security framework put in place provided a solid foundation for maintaining these standards moving forward.
Operational Improvements
Operational improvements were equally impressive. Work tracking processes became more streamlined while maintaining complete traceability across all operations. Access control management was enhanced through automated systems, significantly reducing administrative overhead. Security controls were automated wherever possible, reducing the risk of human error while improving efficiency.
Business Impact
The business impact of these changes was clear and far-reaching. Overall compliance risk was substantially reduced, while the path to regulatory certification was significantly accelerated. Despite implementing stronger controls, operational efficiency improved rather than being compromised. Perhaps most importantly, Finspo’s enhanced security posture positioned them strongly for continued growth in the highly regulated fintech sector.
Client Perspective
“Partnering with Quirk to develop our Atlassian-based suite for work tracking and code management was a crucial decision for us.
Their deep understanding of both the business and technical space led to a seamless integration that significantly enhanced our security framework to align with our AFSL and ACL requirements.”
Gabriel Martinez, Chief Technology Officer – Finspo
Looking Forward
Finspo now has a robust foundation for maintaining compliance as they scale:
- Sustainable compliance processes
- Automated security controls
- Scalable work management
- Future-ready infrastructure
Start Your Path to Clarity
Contact Quirk to discover how we can help your organisation achieve compliance through modern work management solutions.
