Ledger wallet company passes official security audit
Ledger, a crypto company providing a number of hardware wallet solutions, has obtained a successful System and Organization Controls, or SOC, Type 1 test.
Friedman LLP, a New York-based accounting firm, ran the SOC 2 Type 1 test on Ledger, according to a statement provided to Cointelegraph:
"By obtaining the SOC 2 Type 1 report, we are now able to provide an additional layer of verified security to our clients, assuring that the Vault solution is secured at all times and that we have the processes in place to ensure availability."A crypto storage solution for larger players and companies, Ledger Vault operates as a custody wing under the broader Ledger company.
The SOC 2 exam analyzes a company's security by way of an audit, verifying the proper handling of customer information by service-based entities. "As a proof of compliance to the AICPA auditing procedure, SOC 2 Type 1 report shows that a SaaS [software-as-a-service] firm has best practices in place," a blog post from RSI security explained. "It gives potential customers the assurance that a service organization has passed the said auditing procedure, and that their data is safe if they work with the SOC 2-compliant company," the post added.
In contrast, a SOC 2 Type 2 exam raises the bar, testing against more in-depth standards while requiring a longer time horizon for a green light.
During the SOC 2 Type 1 analysis, Friedman investigated Ledger on a number of levels, including its disaster recovery strategy and its security, as well as a host of other technical specifics. "Receiving this attestation is an achievement as it shows our processes and systems are streamlined, documented and overall secure," Ledger's chief technology officer, Charles Guillemet, said in the statement. Next year, the company aims toward securing a SOC 2 Type 2 approval, according to comments in the statement from Ledger CEO Pascal Gauthier.
The exam green light comes after Ledger suffered a database leak several months ago, which exposed customers' information. The popular hardware wallet company fixed the root of the problem following the incident.
Crypto exchange Gemini announced that it had similarly passed its SOC 2 Type 2 test in January 2020.