Here’s what SOC 2 compliance audits mean for crypto projects
While a series of global incidents severely damaged trust in the crypto space, some still hope to regain this trust by going through processes that assure compliance with certain business standards, like the proper handling of customer data.
Several firms have published press releases to announce their compliance with the service and organization controls (SOC) 2 type 2 audit, which was created to attest to the security and data-handling prowess of their firms.
To learn more about what this type of security audit means for the industry, Cointelegraph reached out to Eric Lister, the director of service delivery at audit firm A-LIGN.
In a statement, Lister highlighted some of the elements A-LIGN is looking for during this audit, what this means for the crypto space, and how this helps crypto companies to do better. According to Lister: “At a very basic level, we are looking for policies and procedures that outline routine business procedures that guide the operation of the business.”
In addition, the auditors look for documentation showing controls that ensure the procedures are operating effectively, as well as the protection of the firm’s system and its corresponding data. He said:
“Crypto faces a challenge with news of control issues at exchanges in the past 12 months. SOC 2 audits allow crypto companies to demonstrate trust and transparency with customers, especially when it comes to safeguarding customer data and assets.”
Lister noted that a successful SOC 2 audit would show data and system security. Moreover, the executive said it would also attest to security over customer funds, which is the topmost concern of customers and government agencies.
While the audit provides assurances, Lister clarified that it does not improve business systems. “The SOC certification does not improve business systems, but it gives comfort to users and interested parties that controls are in place and operating effectively,” he explained.
Many prominent crypto companies have already passed this audit process. On July 6, crypto lending firm Nexo said that it had strengthened its data security by passing this process. According to Nexo, this event is a new milestone that enhances user security within their platform.
Nexo is now SOC 2 Type 2 compliant, as audited by @aligncompliance.
The independent examination attests to our processes’ alignment with the most rigorous data privacy and protection standards worldwide.
Advancing our commitment to your peace of mind. https://t.co/HC82oXFSNB
— Nexo (@Nexo) July 6, 2023
In 2022, crypto exchange Crypto.com also announced that it had passed the SOC 2 type 2 audit. Back then, the firm highlighted that passing the audit proves its commitment to meeting highly regulated standards.