December 23, 2024

Here’s what SOC 2 compliance audits mean for crypto projects

While the audit demonstrates trust and transparency, Eric Lister from audit firm A-LIGN explained that it does not improve business systems.

While a series of global incidents severely damaged trust in the crypto space, some still hope to regain this trust by going through processes that assure compliance with certain business standards, like the proper handling of customer data. 

Several firms have published press releases to announce their compliance with the service and organization controls (SOC) 2 type 2 audit, which was created to attest to the security and data-handling prowess of their firms.

To learn more about what this type of security audit means for the industry, Cointelegraph reached out to Eric Lister, the director of service delivery at audit firm A-LIGN.

In a statement, Lister highlighted some of the elements A-LIGN is looking for during this audit, what this means for the crypto space, and how this helps crypto companies to do better. According to Lister: “At a very basic level, we are looking for policies and procedures that outline routine business procedures that guide the operation of the business.” 

In addition, the auditors look for documentation showing controls that ensure the procedures are operating effectively, as well as the protection of the firm’s system and its corresponding data. He said:

“Crypto faces a challenge with news of control issues at exchanges in the past 12 months. SOC 2 audits allow crypto companies to demonstrate trust and transparency with customers, especially when it comes to safeguarding customer data and assets.”

Lister noted that the successful SOC 2 audit would show data and system security. Moreover, the executive said it would also attest to security over customer funds which is the topmost concern of customers and government agencies.

Related: BitGo completes further SOC 2 compliance certification year after Deloitte award

While the audit provides assurances, Lister clarified that it does not improve business systems. “The SOC certification does not improve business systems, but it gives comfort to users and interested parties that controls are in place and operating effectively,” he explained.

Many prominent crypto companies have already passed this audit process. On July 6, crypto lending firm Nexo said that it had strengthened its data security by passing this process. According to Nexo, this event is a new milestone that enhances user security within their platform.

In 2022, crypto exchange crypto.com also announced that it passed the SOC 2 type 2 audit. Back then, the firm highlighted that passing the audit proves its commitment to meeting highly regulated standards. 

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Tornado Cash 2.0: The race to build safe and legal coin mixers

Please enter CoinGecko Free Api Key to get this plugin works.