Leading crypto firm offering a variety of hardware wallet solutions, Ledger, has obtained a successful SOC ‘System and Organization Controls’, Type 1 test.
The New York-based firm, Friedman LLP, ran the SOC 2 Type 1 test on Ledger, consistent with the official press-release:
“By securing the SOC 2 Type 1 report, we are now ready to provide a further layer of verified security to our users, assuring that the Vault solution is secured in all times which we have the processes in situ to ensure availability.”
A cryptocurrency storage solution for leading players & firms, Ledger Vault operates as a custody wing beneath the broader Ledger firm.
The SOC 2 exam analyzes a firm’s security by way of an audit, verifying the right handling of user data by service-based entities. “As a symbol of compliance to the AICPA auditing procedure, SOC 2 Type 1 report reveals that a SaaS [software-as-a-service] firm has best practices in situ,” a blog post from RSI security added. “It gives potential users the reassurance that a service organization has passed the auditing procedure, & their personal information is safe if they work with the SOC 2-compliant firm,” the official post added.
Additionally, a SOC 2 Type 2 exam raises the bar, testing against more in-depth standards while requiring an extended time horizon for a green light.
Within the SOC 2 Type 1 analysis, Friedman investigated Ledger on several levels, including its disaster recovery strategy and its security, also as a number of other technical specifics. “Receiving this attestation is an achievement as it demonstrates that our processes and systems are streamlined, documented & overall secure,” Ledger’s CTO Charles Guillemet added within the statement. Next year, the firm aims toward securing a SOC 2 Type 2 approval, consistent with comments within the statement from Ledger CEO Pascal Gauthier.
The examination approval comes after Ledger suffered a database leak several months ago, that exposed user data. The renowned hardware wallet firm fixed the basis of the problem following the incident. I