InDebted’s technology platform is designed to facilitate debt collection for businesses while providing tools for customers to manage the repayment of their overdue accounts in the most convenient and empathetic manner possible.
Fuelled by machine learning, InDebted’s intelligent platform gives businesses the power to take a truly modern and customer-first approach to collections on a global level. By using InDebted to deliver tailored experiences and personalised communications on customers’ preferred digital channels, businesses can maintain positive relationships with their customer base while increasing the success rate of recoveries.
InDebted’s concept of empathetic debt collection and focus on improving the consumer experience of debt has also received significant recognition from customers themselves. With over 2,000 4.9-star Google customer reviews, they are the highest rated collections agency in the world.
The Business Challenge
InDebted has grown exponentially over the last five years, now operating in a multitude of regions including Australia, New Zealand, Canada, the United States, and the United Kingdom, each of which has its own regulatory standards. InDebted’s licensing, legal, regulatory, and privacy obligations differ depending on the region of operation, making accreditation under the internationally recognised ISO 27001 the gold standard.
ISO 27001 details the requirements for organisations in establishing, implementing, and maintaining the continuous improvement of Information Security Management Systems (ISMS), with the aim of ensuring that business and customer information is held securely. To provide guidance to organisations on how to implement the security controls that are listed in Annex A of ISO 27001, ISO 27002 is used concurrently. A new iteration of ISO 27002 was published in February 2022 and a revised version of ISO 27001 was published last October. ISO accreditation is mandatory in some markets and voluntary in others. By adhering to such standards in regions where they are not required by law, companies like InDebted demonstrate their commitment to information security. The result is an increased customer base due to greater recognition as a reputable business with enhanced brand equity and trust.
With the goal of becoming accredited under ISO 27001 and maintaining compliance with future alterations to the standards, the InDebted engineering team identified necessary cloud-related improvements to be made to the platform. InDebted required an experienced and dedicated platform/DevOps team to collaborate for the implementation of the changes while concurrently assisting them to prepare for expansion into other AWS regions. InDebted chose DNX Solutions to be their AWS Advanced partner due to the team’s extensive experience building a cloud infrastructure that is compliant with a range of Australian standards, including SOC 2 and ISO.
Delivering infrastructure compliant with ISO 27001 and SOC 2 in just two months
The DNX team performed a review of InDebted’s existing infrastructure and business objectives, resulting in a clear roadmap outlining phases, cost, timeframe, priorities, and next steps, allowing the InDebted team to continue using AWS best practices and the newest techniques for application development.
The solution proposed was to deploy a number of Citadel modules; Citadel is a Well-Architected cloud platform compliant with CDR, HIPAA, PCI DSS, SOC 2, and ISO 27001 standards, providing security for applications, data, and customers. All Citadel components are built with infrastructure-as-code, providing complete control and flexibility over their cloud, enabling InDebted with better targeting of areas of improvement already identified by their existing compliance automation tool. With a collaborative effort by InDebted and DNX’s engineering teams, InDebted’s infrastructure is segregated into different accounts and isolated on different levels such as computing with the use of Lambdas, Message with SQS, NoSQL with DynamoDB, and monitoring and alerts with Cloudwatch.
By leveraging the prior experience and making use of repeatable solutions, DNX can drastically reduce time to market for clients and, in the case of InDebted, reduce time to global expansion. The Agile approach used by DNX saw the InDebted team’s work organised into timeboxes focused on value delivery, and employing sprints with a duration of two weeks. This approach resulted in increased agility and constant delivery of value to the client.
AWS Services Used
By leveraging some Citadel modules and bespoke IaC work, DNX worked in collaboration with InDebted’s own engineering team to provide a secure cloud platform compliant with SOC 2 and ISO 27001 in a drastically reduced timeframe. This Well-Architected secure foundation applies high-level security in all layers and utilises automation to ensure increased security and data protection is maintained through continuous best practices.
Increased Speed of Expansion
Barriers to InDebted’s global expansion have been removed through the development of a compliant-ready environment that can be easily and quickly adapted to meet different regional regulations.
AWS cloud and a foundation built with infrastructure-as-code allow InDebted to scale up and down quickly and as needed. By having the required resources available without the need for prior planning, staff productivity is increased and barriers to business growth are removed.
In less than five years, InDebted has transformed from a startup to a global industry leader with their customer-focused and digitally-driven approach to debt collection. The delivery of tailored experiences fuelled by machine learning increases debt recovery success rates for businesses while upholding the values of flexibility and empathy for customers. To increase agility and global reach, DNX worked in collaboration with InDebted’s engineering team to deliver a secure cloud infrastructure compliant with ISO 27001, enabling InDebted to meet nuanced regional regulations with speed and ease.
Having achieved ISO 20071 accreditation, InDebted is now ready to further expand their operations while continuing to demonstrate its dedication to information security through automated updates and Citadel Managed Services. Throughout the project, DNX also ensured the sharing of knowledge required for the InDebted team to efficiently manage their new environment, now and in the future.