This site is reader-supported. When you click through links on our site, we may be compensated.
“By obtaining the SOC 2 Type 1 report, we are now able to provide an additional layer of verified security to our clients, assuring that the Vault solution is secured at all times and that we have the processes in place to ensure availability.”
The SOC 2 exam analyzes a company's security by way of an audit, verifying the proper handling of customer information by service-based entities. “As a proof of compliance to the AICPA auditing procedure, SOC 2 Type 1 report shows that a SaaS [software-as-a-service] firm has best practices in place,” a blog post from RSI security explained. “It gives potential customers the assurance that a service organization has passed the said auditing procedure, and that their data is safe if they work with the SOC 2-compliant company,” the post added.
During the SOC 2 Type 1 analysis, Friedman investigated Ledger on a number of levels, including its disaster recovery strategy and its security, as well as a host of other technical specifics. “Receiving this attestation is an achievement as it shows our processes and systems are streamlined, documented and overall secure,” Ledger's chief technology officer, Charles Guillemet, said in the statement. Next year, the company aims toward securing a SOC 2 Type 2 approval, according to comments in the statement from Ledger CEO Pascal Gauthier.
The exam green light comes after Ledger suffered a database leak several months ago, which exposed customers' information. The popular hardware wallet company fixed the root of the problem following the incident.
Crypto exchange Gemini announced that it had similarly passed its SOC 2 Type 2 test in January 2020.