Stransact, a professional services firm and RSM correspondent in Nigeria, together with its technology subsidiary, Doftwerks, has achieved ISO/IEC 27001:2022 certification, a globally recognised standard for Information Security Management Systems.

The certification affirms the firms’ adherence to international standards for data protection, confidentiality, integrity, and availability, positioning Stransact and Doftwerks in the delivery of enterprise-grade compliance solutions supporting Nigeria’s Nigeria Revenue Service E-invoicing mandate, according to a statement on Tuesday.

ISO/IEC 27001:2022 is regarded as a benchmark for information security governance, requiring organisations to implement controls across people, processes, and technology. The certification confirms that Stransact and Doftwerks have established a framework to identify, manage, and mitigate information security risks across their operations.

“ISO/IEC 27001:2022 certification is not a badge; it is an operating discipline,” said the Managing Partner at Stransact, Eben Joels.

“For our clients—particularly CFOs, CIOs, and compliance leaders—this provides board-level assurance that sensitive financial and transactional data is protected in line with the most demanding global standards. It also reinforces our commitment to supporting the NRS E-invoicing regime with solutions that are not only compliant but secure by design.”

As Nigeria advances the implementation of mandatory electronic invoicing, data security and system resilience have become critical concerns for businesses operating at scale. Through Doftwerks, Stransact delivers technology-enabled compliance solutions that integrate with enterprise finance systems while meeting regulatory and security expectations.

“Security is foundational to trust in any digital tax infrastructure,” said the Chief Technology Officer at Doftwerks, Tunde Awopegba. “This certification validates the robustness of our platforms and internal controls and gives clients confidence that their data is handled with the same level of care expected in leading global markets.”

The ISO/IEC 27001:2022 certification provides benefits to organisations engaging Stransact and Doftwerks, including regulatory confidence in meeting NRS E-invoicing and broader data protection expectations, reduced information security risk across financial and transactional data, governance and controls aligned with international practices, and assurance for boards, investors, and regulators on data integrity and confidentiality.

By embedding information security into service delivery and technology architecture, Stransact and Doftwerks said they aim to strengthen their position at the intersection of regulation, technology, and risk management.