By obtaining a security certificate, Ledger aims to regain the trust of its customers after a data leak.
The crypto company Ledger, which manufactures hardware wallets and offers custody services, has successfully been awarded a security certificate according to the SOC Type 1 standard.
The New York-based accounting firm Friedman LLP has carried out the so-called „System and Organization Controls“ test, as confirmed in a communication to Cointelegraph. In that communication the crypto-company writes
„By obtaining a SOC 2 Type 1 security certificate, we can now offer our customers certified security, assuring them that our Vault solutions are secure and accessible at all times“.
Ledger Vault is a subsidiary of Ledger, which provides crypto-custody services to corporations and major investors.
The SOC 2 standard security test verifies a company’s security in handling customer information. „The SOC 2 Type 1 certificate is a proof that a software service provider complies with current security standards“, as a blog entry by RSI Security explains. „It proves to potential customers that the service provider has passed an appropriate test and that their data is safe with a SOC 2 certified company,“ the blog entry continues.
The SOC 2 Type 2 testing procedure is again somewhat stricter, applies higher standards and tests over a longer period of time.
As part of the SOC 2 Type 1 test, Friedman has tested Ledger at several levels, including emergency plans, security and many other technical specifications. „Obtaining this certificate shows that our processes and systems are optimised, documented and generally safe,“ says Charles Guillemet, Ledger’s Technical Director, in the statement. Next year, the company plans to be SOC 2 Type 2 tested, as announced by Ledger CEO Pascal Gauthier.
The security test comes a few months after Ledger’s database had a security vulnerability that allowed unwanted customer information to leak out. At least the leak was quickly closed.
The Gemini crypto exchange had announced in January 2020 that it had already received a SOC 2 Type 2 certificate.