Featured Case Study:
Hydra X ISO Certifications with Privasec

ISO 27001, ISO 27017 , ISO 27018

Headquartered in Singapore, Hydra X is a FinTech group that offers regulatory-compliant enterprise infrastructure for the capital markets. With the goal to bridge the transition to a Web 3.0 financial ecosystem, Hydra X offers cloud-based solutions that enable interoperability between traditional and digital assets, with a specialisation in providing end-to-end, regulatory compliant infrastructure which covers the lifecycle of the digital capital markets: pre-trade, primary and secondary markets, and post-trade. The solutions have been developed and purpose-built to address the regulatory demands of a robust governing body and their institutional clients.

Results

Hydra X attained the ISO 27001, ISO 27017 and ISO 27018 Certifications, and established a comprehensive and robust Information Security Management System (ISMS) that effectively addresses information security, data privacy and cloud security in accordance with international standards and industry best practices.

As a fintech startup working with institutional clients, many of which are regulated entities, we are committed to being a responsible partner with strong risk management capabilities. The certifications reiterate this commitment and recognise our efforts in developing a strong internal controls framework that is aligned to international standards.

The ISO standards

ISO 27001

ISO 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) to manage information security efficiently and effectively. 

ISO 27017
ISO 27017 - The Code Of Practice For Information Security Controls Based On ISO 27002 For Cloud Services

As an extension to ISO 27002, the ISO 27017 provides guidelines for information security controls applicable to the provision and use of cloud services. 

ISO 27018
ISO 27018 - The Code Of Practice For The Protection Of PII In Public Clouds Acting As PII Processors

ISO 27018 provides guidelines for implementing protections for Personally Identifiable Information (PII) in the cloud and sets out controls to protect PII in public cloud computing environments.

The engagement

As a service provider to clients and partners in the highly regulated finance industry with stringent security and compliance demands, the Hydra X team decided to adopt the ISO 27001, ISO 27017 and ISO 27018 Certifications. This is a commendable milestone that serves as a great testament to their commitment in ensuring a robust security posture and allows them to demonstrate a high level of security assurance. 

Key objectives

  • Strengthen existing accreditation with internationally recognised ISO standards
  • Elevate security capabilities and ensure robust cybersecurity within the organisation

Why Privasec

Privasec is an ISO 27001 and ISO 9001 certified independent cyber security consulting firm with a Governance, Risk and Compliance (GRC) team of highly experienced and certified professionals, with an average of 10 years of cyber security consulting experience between them. We have great expertise and a proven track record of implementing an Information Security Management System (ISMS) that is certifiable to ISO 27001. 

The journey was guided by competent consultants who were able to demonstrate their appreciation of a startup environment while still being able to provide guidance to achieve a practical balance of controls to be put in place.

The results:

1. Established a Comprehensive and Robust Information Security Management System (ISMS)
2. Safeguarded Data Privacy and Provided Value Add to Customers with Transparency
3. Benchmarked against International Standards and Compliant with Regulatory Requirements

1. Established a Comprehensive and Robust Information Security Management System (ISMS)

The implementation of the ISO standards enabled Hydra X to elevate and maintain a strong security posture with a tailored set of robust information security policies, processes and controls aligned to international standards. In this engagement, Privasec consultants worked closely with the Hydra X team to provide detailed implementation guidance on areas such as: 

  • Risk and gap assessments to identify areas of improvement
  • Reviews, updates and creation of the relevant documents like agreements, contracts, policies, and frameworks 
  • Security Governance framework that outlines accountability and responsibility of the different stakeholders 

In addition, as outlined in ISO 27017 – The Code Of Practice For Information Security Controls Based On ISO 27002 For Cloud Services, Hydra X ensured the confidentiality, integrity and availability of its information and mitigated the risks associated with its cloud services through measures including, but not limited to:

  • Clear definitions of, and distinctions between, roles and responsibilities, which are critical under the Shared Responsibility Model for the cloud
  • Policies detailing security for multi-tenancy, to ensure the segregation of tenants in the virtual computing environment and the isolation of customers’ data

Hence, by establishing an ISO 27001 Certified ISMS, with the extensions of ISO 27017 and ISO 27018, Hydra X adopts a comprehensive framework to effectively manage and ensure information security, data privacy and security as a cloud service provider. This allows Hydra X to demonstrate a high level of security assurance and provide a secure and compliant cloud service offering that meets its clients’ compliance and security requirements. 

2. Safeguarded Data Privacy and Provided Value Add to Customers with Transparency

ISO 27018, the code of practice for the protection of PII in public clouds acting as PII processors, has principles that are similar to the Personal Data Protection Act in terms of the handling of personal data, including consent, transparency and the right to be forgotten. This has helped Hydra X improve its security posture and implement additional controls to ensure the privacy of personal data in its cloud services. Furthermore, policies and processes were established to provide transparency to its clients as a Cloud Service Provider/PII Processor, in compliance with regulations and industry best practices.

Following the standards, Privasec consultants assisted Hydra X in reviewing and updating all of its communication documents and presentation collateral, with the aim of ensuring clarity about its cloud service capabilities and security features as a cloud service provider. This includes service monitoring capabilities and the features provided, such as Multi-Factor Authentication (MFA), secure coding capability, monitoring and alerting, the general technical architecture and backup.

3. Benchmarked against International Standards and Compliant with Regulatory Requirements

The ISO Series – ISO 27001, ISO 27017, and ISO 27018 are internationally recognised standards that provide guidelines and industry best practices to ensure top-level information security, data privacy and cloud security. Hydra X’s attainment of these ISO Certifications is an excellent testament to its commitment to ensuring information security and protecting sensitive data in accordance with international standards.

In this engagement, the Privasec consultants worked closely with the Hydra X team to establish an effective and fully functional ISMS per the ISO Series. The implementation was bespoke to complement Hydra X’s existing security infrastructure and address regulatory compliance needs.

Some examples include:

  • Detailed documentation aligned with the Monetary Authority of Singapore’s (MAS) Technology Risk Management (TRM) Guidelines for third-party outsourcing, and robust third-party due diligence
  • Reviewed and updated policies, processes and controls in line with the Personal Data Protection Act regarding personal data collection, use and disclosure

With these, Hydra X was able to provide its customers with a higher level of security assurance and ensured compliance with regulatory requirements. 

Conclusion

As a leading cybersecurity consultancy organisation with great expertise in implementing ISO standards, we are glad to assist and support Hydra X in their journey of adopting a series of ISO Standards – ISO 27001, ISO 27017 and ISO 27018. 

The attainment of these certifications serves as a testament to Hydra X’s commitment to ensuring world-class security for its technology and processes. By establishing a comprehensive and robust Information Security Management System (ISMS) aligned to these standards, Hydra X is able to better protect and manage its clients’ data in the aspects of information security, data privacy and cloud security.

This was a remarkable engagement with Hydra X implementing an Information Security Management System (ISMS) spanning across requirements from different ISO standards – ISO 27001, ISO 27017 and ISO 27018. I had a great experience working with the Hydra X team, and the support and commitment from the team made this engagement a successful one.
