By receiving a security certificate, Ledger wants to regain customer trust after a data breach.
The crypto company Ledger, which produces hardware wallets and offers custody services, has successfully been awarded a security certificate according to the SOC Type 1 standard
The New York-based accounting firm Friedman LLP has carried out the so-called „System and Organization Controls“ test, as confirmed in a communication to Bitcoin Era. In it the crypto company writes:
„By obtaining a SOC 2 Type 1 security certificate, we can now offer our customers certified security, which enables us to assure them that our Vault solutions are secure and accessible at all times.“
Ledger Vault is a subsidiary of Ledger that provides crypto custody services to corporations and large investors.
The security test according to the SOC 2 standard checks the security of a company in handling customer information. „The SOC 2 Type 1 certificate is proof that a software service provider complies with current security standards,“ explains a blog entry by RSI Security. „It proves to potential customers that the service provider has passed a corresponding test and that their data is safe with a SOC 2 certified company,“ the blog entry continues.
The SOC 2 Type 2 test procedure is somewhat stricter, applies higher standards and tests over a longer period of time
As part of the SOC 2 Type 1 test, Friedman Ledger tested on several levels, including contingency plans, security and many other technical specifications. „Receiving this certificate shows that our processes and systems are optimized, documented and generally secure,“ says Charles Guillemet, Ledger’s Technical Director, in the statement. Next year the company wants to be tested according to SOC 2 Type 2, as Ledger CEO Pascal Gauthier announced.
The security test comes a few months after Ledger’s database had a vulnerability that could inadvertently leak customer information. At least the leak could be closed again quickly .
The Gemini crypto exchange announced in January 2020 that it had already received a SOC 2 Type 2 certificate.