As part of Kraken’s commitment to client security, they have reportedly completed and passed an independent auditor’s examination over internal controls as defined by the American Institute of Certified Public Accountants (AICPA) SOC 2, Type I compliance standard.
Kraken has shared details “about this process and how it serves our mission to be one of the most secure crypto exchanges in the world.”
As explained in a blog post, SOC 2, Type I is “an independent third-party auditor’s examination over internal controls focused on the security and availability of systems and data.”
The audit process “helps to verify that Kraken has implemented the necessary controls to protect customer data and funds. AICPA conducts the examination based on its own Trust Services Criteria and in accordance with its Code of Professional Conduct.”
The AICPA’s Trust Services Criteria consist of five categories:
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy
Each category includes “a robust set of criteria that organizations must meet, depending on the scope of the examination.”
The AICPA designed the criteria “to help organizations identify and address potential risks and vulnerabilities in their information systems.”
Organizations must also “demonstrate that they have implemented appropriate controls to protect their information systems from unauthorized access, use, or disclosure.”
For Kraken, the completion of the SOC 2, Type I examination “demonstrates our commitment to security and the protection of customer data and funds.”
Kraken achieved its SOC 2, Type I report “within the Security and the Availability Trust Services Criteria as defined by AICPA.” The report “covers Kraken’s funding services and custody capabilities.”
Kraken says they believe “that the auditor’s unqualified opinion demonstrated that Kraken had exceptional internal controls on security and availability.”
It means that they are able to “offer proof, not promises, about our world-class security. In fulfilling the requirements for SOC 2, Type I, we have demonstrated that our security practices meet global standards.”
This examination allows then “to not just claim, but independently prove that your safety and privacy at Kraken are paramount.”
For Kraken, the commitment to evaluations “performed by independent auditors and other bodies is a testament to our unwavering commitment to demonstrating that our clients’ funds, NFTs, and privacy are secure.”
Koushik Subramanian, Director of Security Risk Management at Kraken, said:
“We continue to level up our security, availability, privacy and trust for our stakeholders. I am extremely proud of our team at Kraken for achieving this milestone. The audit was a large effort that spanned many months and was cross-functional involving multiple teams.”
Kraken continuously “explores avenues to validate the strength of our security program and commitment to an effective internal control environment.”
The issuance of the SOC 2, Type I opinion “for Kraken’s custody and funding service demonstrates their commitment to their clients’ privacy and security.”
Kraken claims it remains “dedicated to the ongoing enhancement of their control program and deepening their investments in the innovative security measures that keep you safe.”
Their collaboration “with independent third-party assessors and auditors helps validate their efforts for all to see.”
They’re pleased to be “recognized as a digital asset platform that is committed to protecting your financial freedom.”