| News

Kraken completes SOC 2, Type I for custody and funding services

As part of Kraken’s commitment to client security, we have completed and passed an independent auditor’s examination over internal controls as defined by the American Institute of Certified Public Accountants (“AICPA”) SOC 2, Type I compliance standard. 

We’d like to share details about this process and how it serves our mission to be one of the most secure crypto exchanges in the world.

What is SOC 2, Type I?

SOC 2, Type I is an independent third-party auditor’s examination over internal controls focused on the security and availability of systems and data. The audit process helps to verify that Kraken has implemented the necessary controls to protect customer data and funds. An independent, third-party auditor conducted the examination based on AICPA’s Trust Service Criteria and in accordance with AICPA’s Code of Professional Conduct.

The AICPA’s Trust Services Criteria consist of five categories: 

  1. Security
  2. Availability
  3. Processing integrity
  4. Confidentiality
  5. Privacy

Each category includes a robust set of criteria that organizations must meet, depending on the scope of the examination. The AICPA designed the criteria to help organizations identify and address potential risks and vulnerabilities in their information systems. Organizations must also demonstrate that they have implemented appropriate controls to protect their information systems from unauthorized access, use, or disclosure.

What does SOC2, Type I mean for you?

For Kraken, the completion of the SOC 2, Type I examination demonstrates our commitment to security and the protection of customer data and funds. Kraken achieved its SOC 2, Type I report within the Security and the Availability Trust Services Criteria as defined by AICPA. The report covers Kraken’s funding services and custody capabilities. 

We believe that the auditor’s unqualified opinion demonstrated that Kraken had exceptional internal controls on security and availability.

So, what does this mean for you? 

It means that we offer proof, not promises, about our world-class security. In fulfilling the requirements for SOC 2, Type I, we have demonstrated that our security practices meet global standards. This examination allows us to not just claim, but independently prove that your safety and privacy at Kraken are paramount.

For Kraken, the commitment to evaluations performed by independent auditors and other bodies is a testament to our unwavering commitment to demonstrating that our clients’ funds, NFTs, and privacy are secure.

“We continue to level up our security, availability, privacy and trust for our stakeholders. I am extremely proud of our team at Kraken for achieving this milestone. The audit was a large effort that spanned many months and was cross-functional involving multiple teams,” said Koushik Subramanian, Director of Security Risk Management at Kraken.

Secure your crypto journey

Kraken continuously explores avenues to validate the strength of our security program and commitment to an effective internal control environment. The issuance of the SOC 2, Type I opinion for Kraken’s custody and funding service demonstrates our commitment to our clients’ privacy and security. 

Kraken remains dedicated to the ongoing enhancement of our control program and deepening our investments in the innovative security measures that keep you safe. Our collaboration with independent third-party assessors and auditors helps validate our efforts for all to see. We’re proud to be recognized as a digital asset platform that is committed to protecting your financial freedom.

Try Kraken Today