Here’s what SOC 2 compliance audits mean for crypto projects

cointelegraph.com:

While a series of global incidents severely damaged trust in the crypto space, some still hope to regain this trust by going through processes that assure compliance with certain business standards, like the proper handling of customer data. 

Several firms have published press releases to announce their compliance with the service and organization controls (SOC) 2 type 2 audit, which was created to attest to the security and data-handling prowess of their firms.

To learn more about what this type of security audit means for the industry, Cointelegraph reached out to Eric Lister, the director of service delivery at audit firm A-LIGN.

In a statement, Lister highlighted some of the elements A-LIGN is looking for during this audit, what this means for the crypto space, and how this helps crypto companies to do better. According to Lister: “At a very basic level, we are looking for policies and procedures that outline routine business procedures that guide the operation of the business.” 

In addition, the auditors look for documentation showing controls that ensure the procedures are operating effectively, as well as the protection of the firm’s system and its corresponding data. He said:

Lister noted that the successful SOC 2 audit would show data and system security. Moreover, the executive said it would also attest to security over customer funds which is the topmost concern of customers and government agencies.

Related: BitGo completes further SOC 2 compliance certification year after Deloitte award

While the audit provides assurances, Lister clarified that it does not improve business systems. “The SOC certification does not improve business systems, but it gives comfort to users and interested parties that controls