In order to ensure the security of its customers, the Kraken cryptocurrency exchange successfully passed an external audit, which included an assessment and investigation of its internal control. This is required by the requirements of the American Institute of Certified Public Accountants AICPA. The procedure was carried out according to SOC-2 according to the standard of requirements of the first type.
What is a SOC-2 of the first type
This audit is a study of internal control. It is conducted by a freelance specialist who is not connected with the company in any way. The audit is aimed at investigating the security of both the company's systems and its data. The audit indicates that the cryptocurrency exchange has used all the necessary control tools to ensure the necessary level of protection of its users' data and finances.
During the execution of the work, an independent specialist used the criteria of the AICPA trust service in accordance with the AICPA Code of Professional Conduct.
These criteria are based on five main points:
- Safety.
- Available.
- Processing integrity.
- Confidentiality.
- Privacy.
At the same time, each category contains a certain number of parameters that the company being checked must adhere to. At the same time, their list depends on the scope of the audit. The company has developed parameters to help other firms find and get rid of possible risks and vulnerabilities in information systems. The audited companies are additionally required to show that they have integrated all the required control tools to ensure the required level of protection of their information systems from malicious access, involvement or disclosure of user and company data.
What does the SOC-2 Type I audit provide for users?
For users of the Kraken cryptocurrency exchange, the completion of the SOC-2 Type I exam means that the company is committed to the principles of security and provides reliable protection of personal data and funds of its customers.
It follows from the audit report that the Kraken crypto exchange has achieved all the necessary requirements for SOC-2 Type I indicators according to the established ones. Therefore, the site is safe and accessible as Trust Services according to the definition of AICPA. The report reviewed the financial services of the crypto exchange and ways of storing them.
The crypto exchange also commented on the experts' report on the audit. In their opinion, the document confirms that the site has exceptional internal security and accessibility controls.
The provided answer suggests that the exchange actually uses all the tools to ensure security at the global level. When meeting the SOC-2 requirements of the first type, the exchange has proven that it uses methods to ensure security in accordance with international quality standards.
The Exchange also noted that it is extremely important for it to support the assessments of independent auditors and bodies that confirm the high quality standards of protection and security provided to users. The representative also said that the exchange will continue to improve its own security, accessibility and confidentiality, and that all interested parties continued to trust the crypto exchange.
According to the representative, the audit was carried out for many months. It was cross-functional and several teams participated in the verification.
The Exchange will continue to continuously improve its control program. Also, NA is going to continue investing in innovative security solutions to ensure its high level in all conditions.
