The SOC 2 certification for Ripple was a great milestone for this blockchain. Now the engineering team is talking about the details of that—the facts about SOC 2 processes for certifying Ripple’s system and organization controls. The SOC 2 certification for Ripple was announced in February. Ripple published a new post to talk about the why and hows for the team to receive the SOC 2 certification.
Moving Toward a Fully Trustful System
Receiving international certifications for blockchains means a considerable step toward more adoption. They can rely on certification to show the capabilities of their system to the world. Ripple that always aims for broader market and adoption, has been busy receiving some of the most popular certifications in the past years.
Ripple wants to become the de-facto for companies that want a decentralized solution. It surely needs to show the security level and capabilities of the system to those companies. The latest SOC 2 certification is a step toward that goal. It indicates that Ripple has the required features to host essential business systems.
Ripple focuses on traditional banks as essential customers for its network. These customers often require SOC 2 certification from a SaaS like Ripple to let it in. In other words, you can’t sell a SaaS to a bank without SOC 2 certificate. But some companies sell SaaS to some banks without SOC 2 that needs a costly, time-consuming auditing process. Anyhow, the first reason for Ripple was to have something that assures banks about the security and integrity of its system. According to Ripple, “In short: the SOC 2 audit is an independent “seal of approval” for Ripple’s processes and its security posture.”
The recent detailing post from Ripple mainly focuses on the steps that Ripple’s teams passed to design and develop a SOC 2 certified system. The post talks about the initial stages:
“A reliable system starts with a reliable design, built on fundamental principles. As we have developed the system infrastructure which supports RippleNet, core principles such as code/data separation, fault isolation, and role-based access control have helped us manage risk by segmenting ownership, control, and resources.”
Ripple’s engineering team believes that two necessary design steps resulted in a secure system. First, Ripple doesn’t store sensitive data like SSL keys or passwords on disks. Second, there is no password-based authentication on Ripple’s network. Other vital procedures that resulted in more security for Ripple are automation capabilities and repeatability. After all, the Ripple engineering team believes the design fundamentals resulted in receiving SOC 2 certification for the blockchain.
If you found this article interesting, here you can find more Ripple news