Nexo Enhances Data Security Credentials With SOC 3 Assessment and SOC 2 Audit Renewal

Digital asset platform Nexo has bolstered its data security credentials with the renewal of its SOC 2 audit. It’s also passed a new SOC 3 assessment with no exceptions, demonstrating its commitment to safeguarding user data during the course of its business.

While the minutiae of data security accreditation may escape the average crypto user, it’s something which regulated companies are obliged to take very seriously. Attaining SOC 2 and SOC 3 credentials is regarded as evidence of an organization implementing best practise in the storing and handling of customer records.

Independent Auditor Gives Nexo a Clean Bill of Health

Nexo utilized the services of A-LIGN, an independent auditor that specializes in security compliance. It conducted a stringent examination of Nexo’s security practices and found that the company was fully compliant with SOC 2 framework standards. The audit by A-LIGN, which has 20 years of experience, follows a similar examination into Nexo’s procedures that was conducted a year ago.

"Completing the gold standard in client data protection for the second consecutive year brings me great pride and a profound sense of responsibility,” said Nexo Chief Information Security Officer Milan Velev. “It is crucial for Nexo customers to have compliance peace of mind, knowing that we diligently adhere to security regulations and remain committed to annual SOC audits. These assessments provide further confidence that Nexo is their partner in the digital assets sector.”

Understanding SOC Standards

SOC 2 and SOC 3 are types of Service Organization Control (SOC) reports. They’re intended to provide assurance about the controls in place at organizations, particularly in regards to security, availability, processing integrity, confidentiality, and privacy. These reports form part of the American Institute of Certified Public Accountants (AICPA) framework for evaluating the effectiveness of controls within service organizations.

SOC 3 reports provide a high-level overview of the same information contained within a SOC 2 report but without the same degree of detailed and sensitive information. SOC 3 reports are often used for marketing purposes, as they are designed to be shared publicly without revealing detailed descriptions of the system and tests performed. As such, SOC 2 and SOC 3 are often sought in tandem, one for internal and the other for external use.

While there is no law compelling companies to obtain SOC 2 and SOC 3 standards, doing so is seen as evidence of maintaining robust data handling policies. This is beneficial not only for enhancing an organization’s data handling procedures, but for reassuring stakeholders and users that their information is secure.

Given that it has millions of users and custodies billions of dollars of assets, Nexo has good reasons for obtaining independent verification that its data security is fit for purpose. The crypto trading and lending platform promises institutional-grade custody aided by features such as a real-time risk engine.

The majority of crypto companies, including exchanges, do not hold SOC 2 or 3 certification. Nexo believes that the attainment of these standards is desirable, enhancing its reputation as a trustworthy crypto provider.