April 24, 2023

Shredding and burning of residual wood with BAFA subsidy

Safeguarding clients' data is a natural top priority in the finance world and at Nexo we’re proud to continuously invest in the best data security practices. Today, we are thrilled to announce that we have completed our Service and Organization Controls (SOC) 2 Type 2 Compliance audit, acquiring an American Institute of Certified Public Accountants (AICPA) Certificate.

This is a significant milestone in our ongoing commitment to adhering to the highest standards in cybersecurity.

Nexo’s extensive SOC 2 validation was conducted by A-LIGN, a renowned cybersecurity and compliance firm that has assisted over 2,500 global organizations in mitigating cybersecurity risks, including T-Mobile, Alloy, and Raymond James. This audit further validates our dedication to data security and compliance with essential industry standards.

“The SOC 2 Type 2 audit marks another apex in our mission to deliver best-in-class financial solutions. This achievement perfectly complements our security infrastructure from a deeply technical, client-data safety standpoint. While our over-collateralized lending model and real-time reserves attestation verify the stability of Nexo from an operations perspective, the AICPA certification for our SOC 2 audit consolidates our position among the leaders in the digital assets space with security and operational measures of the highest order”, said Antoni Trenchev, Co-founder and Managing Partner at Nexo.

Often viewed as the gold standard in client data protection within the financial services industry, Nexo’s SOC 2 Type 2 audit further enhances users’ security on our platform. While it is a significant milestone on its own, Nexo has a substantial track-record when it comes to adopting industry-leading security measures. Our platform boasts the CCSS Level 3 Cryptocurrency Security Standard in regard to asset storage and the renowned ISO/IEC 27001:2013 Certified Information Security Management System certification.

What Is an SOC 2 Report and Why Is It Important for You?

An SOC 2 report focuses on addressing risks related to data handling and access. Different from a technical cybersecurity assessment, this SOC 2 report emphasizes how an organization implements and manages controls to mitigate identified risks throughout the various aspects of its operations.

Unlike SOC 2 Type 1, which is a point-in-time evaluation, Type 2 certification assesses the effectiveness of these security controls over an extended period of time. It provides assurance that the company has consistently and reliably implemented the necessary measures to protect sensitive information.

This provides our clients with objective proof that Nexo treats client data security as an utmost priority. Testament to this is the independent assessment from our partnering auditors at A-LIGN. Becoming SOC 2 compliant is crucial for us as it fortifies our existing robust information security framework. Nexo’s SOC 2 compliance aims to add an extra layer of customer trust, by safeguarding clients against data breaches.

The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which identifies different risks that an organization should address. In Nexo’s case, A-LIGN evaluated that our company has appropriate policies, procedures, and controls in place to effectively manage these identified risks.

By achieving SOC 2 compliance, Nexo again distinguishes itself as a leading digital assets institution, demonstrating to our clients and partners our unwavering principles and rigorous standards.