Winklevoss' Gemini Cryptocurrency Exchange Scores Another Security Qualification
The Winklevoss brothers' Gemini cryptocurrency custodian and exchange has obtained a new security qualification, SOC 1 Type 1.
According to an April 21 blog post by the company’s head of risk, Yusuf Hussain, Gemini became the world’s first digital currency custodian and exchange that was granted a Service Organization Control (SOC) 1 Type 1 certification. The examination was carried out by Big Four accounting firm Deloitte.
Meeting high security standards
Passing an SOC 1 review means that Gemini’s financial operations and customer reporting controls comply with requirements set by the American Institute of Certified Public Accountants. Basically, the examination proved that Gemini is capable of mitigating the risk of significant error, omission and data loss. Hussain noted:
“While vital to both our exchange and custody platform, the SOC 1 Type 1 is particularly important to our exchange operations, which execute a significant volume of complex financial transactions for our customers. The SOC 1 Type 1 validates the design and implementation of those operations and the integrity of their corresponding reports.”
In January 2019, Gemini completed an SOC 2 security review.
SOC standard-compliant crypto companies
Some other crypto projects have also undergone SOC evaluationz. Most recently, the crypto custody arm of major United States-based cryptocurrency exchange Coinbase, Coinbase Custody, procured an SOC 1 Type 2 and a SOC 2 Type 2 report by major accounting firm Grant Thornton.
Last September, business advisory company Aprio confirmed major crypto payment services provider BitPay’s compliance with the SOC 2. Last April, blockchain security firm BitGo, which gained an SOC 2 Type 1 certification from Deloitte in 2018, upped its procedures to conform to the Type 2 requirements of the same standard.
While an SOC 1 report provides information on the internal controls relevant to a user organization’s financial reporting, SOC 2 reports provide information on “security, availability, processing integrity, confidentiality and privacy.”