Weel wins security certifications & launches Trust Centre

Weel has obtained SOC 2 Type 1, SOC 2 Type 2 and ISO 27001:2022 certifications, giving the expense management company independent validation of its security and information management controls.

The Australia and New Zealand fintech said the certifications cover the systems, controls and processes it uses to protect customer data and support financial operations. It has also launched a Trust Centre to give customers and partners information on its security, compliance and operational practices.

The certifications come as finance teams face growing pressure to modernise legacy expense processes without weakening oversight of company funds and sensitive information. Businesses are also placing greater emphasis on vendor assurance, data security and operational transparency when selecting finance software suppliers.

SOC 2 is an assurance framework commonly used by technology and cloud companies to assess controls related to security, availability, confidentiality, processing integrity and privacy. ISO 27001 is an international standard for information security management systems, setting out a structured approach to handling sensitive company and customer information.

Work on the certifications involved teams across engineering, product, operations, finance and compliance. The process included reviewing and updating internal controls, governance, risk management, access management, incident response and ongoing monitoring across the platform and broader business.

Damon Hauenstein, chief financial officer and chief operating officer at Weel, described the achievement as part of a broader security and compliance programme.

"Trust has always been foundational at Weel. From day one, we've taken a deliberate approach to how we protect customer data, secure funds and operate as a financial platform," Hauenstein said.

"Achieving SOC 2 and ISO 27001 is an important milestone, but more importantly, it reflects how we have built the business from the ground up. Security and compliance have not been treated as separate workstreams. They are embedded in how our teams design products, support customers and operate every day."

Customer scrutiny

For finance, IT and security teams, certifications such as SOC 2 and ISO 27001 often play a role in procurement, due diligence and ongoing vendor reviews. That scrutiny has increased as more organisations adopt automated finance tools and connect them to wider business systems.

Hauenstein said the work was especially relevant as finance leaders seek faster month-end processes and better internal tools while maintaining control.

"Finance leaders are under pressure to move faster, close the month sooner and give their teams better tools, but they cannot compromise on control," he said.

"Our customers rely on Weel to manage spend, issue virtual corporate cards, automate approvals and provide real-time visibility across their organisations. That means we need to earn their trust not just through product experience, but through the strength of the controls and governance behind the platform."

Achieving both frameworks should give customers and partners greater confidence in how Weel manages risk as it expands. Maintaining the standards will require continuous monitoring, audits and regular updates to internal processes.

"These frameworks require continuous monitoring, regular audits and ongoing improvement," Hauenstein said.

"This is not a point-in-time exercise. It is part of how we operate as we scale. The standards set a high bar, and maintaining that bar requires discipline across the entire organisation."

Weel said it serves more than 4,000 organisations across Australia and New Zealand. It positions the certifications as a marker of operational maturity as customers hand over more critical finance workflows and financial data to software providers.

Trust centre

The newly launched Trust Centre is intended to give customers and prospective customers a single place to review information on the company's approach to security and compliance. The aim is to make security reviews, vendor assessments and procurement checks easier to complete.

Hauenstein linked the launch to broader demand from buyers of finance technology for greater transparency.

"Transparency is an important part of trust," he said.

"We want customers and partners to have a clear view of the work we are doing behind the scenes. Launching the Trust Centre gives them a central place to access information about our security, compliance and operational practices, including our SOC 2 and ISO 27001 certifications, and reinforces our commitment to being open about how we manage risk."

He said stronger security and compliance expectations are likely to continue as finance operations become more automated and connected across organisations.

"The future of finance operations is more automated, more connected and increasingly real-time," Hauenstein said.

"That creates enormous opportunity for finance teams, but it also raises the standard for the platforms they choose. Customers want to know that innovation is being delivered responsibly. For us, that means continuing to invest in security, compliance and transparency alongside product innovation."