While the audit demonstrates trust and transparency, Eric Lister from audit firm A-LIGN explained that it does not improve business systems.
While trust in the crypto space was severely damaged by a series of global incidents, some still hope to regain this trust by going through processes that provide assurances of compliance with certain business standards like the proper handling of customer data.
A number of firms have published press releases to announce their compliance with the Service and Organization Controls (SOC) 2 Type 2 audit, which was created to attest to the security and data-handling prowess of their firms.
To learn more about what this type of security audit means for the industry, Cointelegraph reached out to Eric Lister, the director of service delivery at audit firm A-LIGN, to see what this type of certification could do for crypto companies.
In a statement, Lister highlighted some of the elements they're looking for during this audit, what this means for the crypto space and how this helps crypto companies to do better. According to Lister: “At a very basic level, we are looking for policies and procedures that outline routine business procedures that guide the operation of the business.”
In addition, the auditors look for documentation that shows controls that ensure that the procedures are operating effectively and are ensuring the protection of the firm’s system and its corresponding data. He said:
“Crypto faces a challenge with news of control issues at exchanges in the past 12 months. SOC 2 audits allow crypto companies to demonstrate trust and transparency with customers, especially when it comes to safeguarding customer data and assets.”
Lister noted that the successful SOC 2 audit would show data and system security. Moreover, the executive said that it would also attest to security over customer funds which is the topmost concern of customers and government agencies.
Related: BitGo completes further SOC 2 compliance certification year after Deloitte award
While the audit provides assurances, Lister clarified that it does not improve business systems. “The SOC certification does not improve business systems, but it gives comfort to users and interested parties that controls are in place and operating effectively,” he explained.
Many prominent crypto companies have already passed this audit process. On July 6, crypto lending firm Nexo said that it has strengthened its data security by passing this process. According to Nexo, this event is a new milestone that enhances user security within their platform.
️ Nexo is now SOC 2 Type 2 compliant, as audited by @aligncompliance.
— Nexo (@Nexo) July 6, 2023
The independent examination attests to our processes’ alignment with the most rigorous data privacy and protection standards worldwide.
Advancing our commitment to your peace of mind.https://t.co/HC82oXFSNB
In 2022, crypto exchange crypto.com also announced that it passed the SOC 2 Type 2 audit. Back then, the firm highlighted that passing the audit proves its commitment to meeting highly regulated standards.
Magazine: Tornado Cash 2.0: The race to build safe and legal coin mixers