Date: 2023-02-08

CRED, a FinTech commerce company launched in 2018, provides its members with a distinguished FinTech experience through elegant financial services and delightful lifestyle features. It has a strong ethos of meeting member demands, and the #SecurityFirst culture at CRED has been ingrained since its inception.
CRED has been a member of the BSIMM community since early 2022. By undergoing a BSIMM assessment, CRED wanted to identify and, if necessary, correct any maturity gaps before proceeding with further growth.
The security team at CRED strongly believes in building a great team of engineers, as well as the importance of establishing a solid information security presence. The team is involved in the research and development of CRED’s ever-growing security ecosystem. CRED’s security team has successfully implemented
CRED’s security team is only three years old, and its security posture is reaching that of organizations further along in their security journey. The average age of organizations that scored near CRED in the BSIMM assessment is 9.6 years. CRED could be considered one of the industry’s few young companies with this level of maturity.
Figure 1: BSIMM score distribution
CRED’s BSIMM assessment helped its security team identify areas of potential growth and gain deep insights into maturity gaps in its internal processes. Figure 2 shows CRED’s current posture measured against multiple disciplines of security that are used as yardsticks for the BSIMM assessment, compared to an average of organizations that have already been assessed under BSIMM.
Figure 2: CRED compared to the average of other BSIMM assessments
As part of CRED’s BSIMM assessment process, assessors met with multiple CRED stakeholders from different teams, which helped them understand CRED’s working processes. Discussions during the assessment emphasized that software release cycles go hand-in-hand with thorough security review processes. And CRED’s #SecurityFirst culture includes additional activities like security hackathons and advanced learning sessions that keep the overall security posture maturing and growing.
