INX is proud to announce that it has successfully completed the SOC 2 certification process with the assistance of Ernst & Young, demonstrating our commitment to security and trustworthiness.
The SOC 2 certification is a widely-recognized auditing standard that evaluates the security, integrity, and privacy of a company’s systems and data for service organizations that handle sensitive customer information.
To earn the SOC 2 certification, the gold standard in data protection, INX met the high standards set forth by the American Institute of Certified Public Accountants (AICPA). To meet these standards, we underwent an in-depth review of our policies, procedures, and controls, as well as an on-site audit by a third-party auditor.
“We are pleased to announce that we have acquired our SOC 2 Report. This is a natural step in our continued quest of ensuring the ultimate level of integrity and safety for all our working partners” said Itai Avneri, COO at INX. “We will continue to take the long, less traveled road in regard to protecting the safety of our clients.”
INX remains the first and only digital hub for traders, investors and capital raises with SEC regulation.
What is SOC 2?
SOC 2 stands for “Systems and Organizations Controls 2” and is sometimes referred to as SOC II. It is a framework designed to demonstrate the security controls a company uses to protect their customer’s data. It is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. For organizations evaluating SaaS or cloud services providers, compliance with SOC 2 is a minimum requirement as it confirms a certain level of maturity around security best practices. SOC 2 is confirmation of the high standards that only the most elite vendors ascribe to. Certification is performed by external auditors with the resulting report confirming that the processes conducted by the said company are actually being followed in practice. In our case, we worked with in-house auditors at Ernst & Young to produce the report.
Why is SOC 2 compliance important?
The significance of the role of SOC 2 in data security cannot be underestimated. At a fundamental level, SOC reports confirm a level of integrity, ethics, and security throughout a company’s operations. Compliance with SOC 2 requirements indicates that an organization maintains a high level of information security. Strict compliance requirements (tested through on-site audits) can help ensure sensitive information is handled responsibly.
Who can perform an SOC audit?
SOC audits can only be performed by independent CPAs (Certified Public Accountants) or accounting firms. AICPA has established professional standards meant to regulate the work of SOC auditors. In addition, certain guidelines related to the planning, execution and oversight of the audit must be followed. All AICPA audits must undergo a peer review.
SOC 2 Security criterion. Four step check-list:
SOC 2 security principles focus on preventing the unauthorized use of assets and data handled by the organization.
Here is a basic compliance checklist, including controls covering safety standards:
- Access controls – logical and physical restrictions on assets to prevent access by unauthorized personnel.
- Change management – a controlled process for managing changes to IT systems, and methods for preventing unauthorized changes.
- System operations – controls that can monitor ongoing operations, detect, and resolve any deviations from organizational procedures.
- Mitigating risk – methods and activities that allow the organization to identify risks, as well as respond and mitigate them, while addressing any subsequent business.
We would like to extend our sincere gratitude to Scytale for their invaluable assistance with the SCO2 procedure. We are truly thankful for having such a dedicated and knowledgeable partner in this process.
In today’s connected world, data security is more important than ever. By obtaining the SOC 2 certification, INX is proactively protecting our systems and data and showing our commitment to building trust with our customers.
Thank you for your support and trust in us. We are excited to share this achievement with you and look forward to continuing to serve you and exceed your expectations in the future.