Gemini made the announcement in a blog post authored by head of risk at Gemini Yusuf Hussain on January 23 on Gemini’s official website. Cameron and Tyler Winklevoss-founded Gemini said that it had passed SOC2 Type 2 examination for its cryptocurrency exchange and Gemini Custody.
Gemini claims that achievement has made the firm the world’s first crypto exchange and custodian to demonstrate the highest level of security compliance in the industry. Although, another custodian BitGo has passed the same security compliance test in April 2019.
The company achieved SOC 2 Type 1 in January of 2019 which was also completed by Deloitte. The head of risk Yusuf Hussain said:
“Upon the completion of our Type 1, we publicly committed to following through with a Type 2 examination and — working again with Deloitte & Touche LLP — we’re proud to have achieved this!”
Yusuf Hussain further said that the company would be completing SOC 2 Type 2 test on annual basis to bring more trust to the platform that would help the company to protect customers data and cryptocurrency and further our mission to empower the individual through crypto.
Yusuf Hussain further wrote:
“At Gemini, trust is our product. Trust is built over time and it’s a function of doing what you say you are doing. Taking this further, simply saying you are secure is not the same as demonstrating you are secure to an independent third party. We feel that everyone should require these standards for any cryptocurrency exchange and custodian they use.”
This trust building is paying back to Gemini as Crypto Economy reported on January 16 that Drawbridge Lending, a US Commodity Futures Trading Commission (CTFC) regulated commodity pool operator and commodity trading advisor, has added Gemini Custody to its platform to protect borrower assets and lender capital.
What are SOC 2 Type 1 and Type 2 Tests
SOC stands for service organization control. SOC 2 is like an audit in which organization’s non-financial reporting controls are examined which are related to trust services such as the security, availability, processing integrity, confidentiality, and privacy of a system.
Type 1 and Type 2 tests are quite similar, but the key diiference is that a Type 1 test is the evaluation of controls at a service organization at a specific point in time, whereas Type 2 evaluates whether these system controls have been operating effectively over a period of time.