Liminal secures FSP license from FSRA in ADGM   Read more

Moving Beyond ISO & SOC Security Certifications

| November 17, 2023

Share this article

Novel technologies disrupt the fields they find utility in ever so often. The revolutionary benefits they bring drive up adoption and capsize how industries function. Cryptocurrencies are no different – they changed the financial and technological landscapes and created a new lane labeled Web3. Their novelty, however, leaves industry-wide issues to be resolved like with any burgeoning technology.

Users embracing cryptocurrencies find themselves at high risk of losing the value represented by the coins and tokens they hold. Their decentralized nature leaves all the risks associated with managing them to their custodians. The complexity involved in storing and utilizing the private keys encrypting cryptocurrencies adds a massive layer of obscurity to their management. The concern is not just limited to retail users, as enormous institutions face the same troubles, giving way to precarious vulnerabilities.

Cybercriminals causing massive exploits to institutional storages bear testament to the fact. Household crypto names like Binance and KuCoin have been at the receiving end of hackers, losing hundreds of millions and leading the community to wonder if cryptocurrency usage is safe at any level.

The Application of Information System Security Certifications into Web3

The lack of uniform standard operating procedures (SOPs) specific to digital asset management has been the primary reason for the insecurity around users trusting crypto enterprises with their funds. The enterprises have secured their infrastructures through trial and error in the past, arousing mishaps until they found suitable ways to function. Even then, it was a matter of time until bad actors found holes in enterprise systems.

The community may rest assured that better times are on their way, though, with security frameworks catching up to the growing needs of the industry. Well-known enterprises and others just establishing themselves are turning to existing information systems security requirements to implement necessary blockades against hacks and thefts. 

Designing and setting up asset and data storage infrastructures in compliance with ISO (International Organization for Standardization) and SOC 2 (System and Organization Controls 2) recommendations have become the first line of action for crypto enterprises.

ISO:27701 is the benchmark for any reputed IT service provider, and receiving this accreditation is the bare minimum for crypto service providers, too. The certificate comes upon successful audits of platforms following practices around operating informational and privacy management systems securely. 

Similarly, the SOC 2 certification comes upon clearing audits that look at the capabilities of establishments in handling sensitive data confidentially, privately, and securely, among other principles underscoring the auditing process. In the context of crypto enterprises, these certifications let users know they safely handle delicate data like KYC details, account information, private keys, and more.

However, ISO:27701 and SOC 2 accreditations are not crypto-specific and only allow users to know that enterprises employ generic firewall for their systems. More specialized frameworks, alongside ISO and SOC 2, are needed for attesting crypto enterprise security. The CryptoCurrency Certification Consortium (C4) brings just that with its CryptoCurrency Security Standard (CCSS) certification.

A New Wave of Cryptocurrency Security Via CCSS Certification

The CCSS certification is offered to crypto-native enterprises and decentralized protocols upon thorough scrutiny by its associated auditors. They judge the security measures adopted by projects based on 31 different control aspects and certify them if they meet CCSS requirements. The certification comes in three variants marked as levels 1, 2, and 3. Projects are evaluated based on the activities they are involved in and are certified with the level their undertakings correspond to.

The level 1 certification is for projects comprising systems for the self-custody of assets. Ventures providing digital asset services to clients can have their systems accredited with either the level 2 or the level 3 certification based on how they meet CCSS security requirements. Systems partially meeting them get branded with the level 2 certification, and those fully meeting them are awarded the level 3 certification.

Thus, the CCSS certification, in tandem with ISO and CSO certifications, underpins asset security within the Web3 ecosystem. End users can rely on these pointers to make the right choices while leaving value on enterprises and protocols.

Liminal Is Leading the Custody Chart with the Most Security Certifications

Liminal is one such enterprise that leaves no page unturned in providing secure asset storage infrastructure that users can rely on without worries. The crypto custodian was accredited with the level 3 CCSS certification for its highly secure system earlier this year, making it only the second platform to meet all CCSS requirements and achieve the “Full System” status.

The feat comes with Liminal committing to offering the best measure of security that the Web3 ecosystem can witness. The platform made strides on this front even before receiving the CCSS approval by gaining ISO:27701 and SOC 2 accreditations. It also enlists the likes of Vanta, an automated security compliance monitoring leader, to continuously analyze its practices and infrastructure from the perspective of CCSS, ISO, and SOC 2 requirements.

What’s more, Liminal takes asset safety one step further by being insured for the funds under its management and staying prepared for worst-case scenarios like exploits. User asset protection is the top priority, and Liminal makes no exceptions. No wonder it gained regulatory approval in Hong Kong and received the TCSP license to operate as an asset custodian there.

Of course, the journey has only begun for the platform as it looks to meet even more stringent security frameworks and attain licensed stature in several other jurisdictions in the coming days. Receiving the go-ahead from top security certifying agencies and national regulatory bodies is no joke – especially the way Liminal has within its short existence. It will continue to address emerging threats in the Web3 ecosystem and make asset handling safe for institutions and retail users.

More on Crypto

Liminal Custody received initial approval for a VASP license from Dubai’s VARA, paving the way for secure institutional custody services. Learn more. ……
May 27, 2024
As we move toward standardized and regulated usage of digital assets, it is remarkable to see more jurisdictions develop improvised versions of compliance with laws to help individuals and institutions stay safe and resilient. ……
May 23, 2024

Find out what is the Ideal Custody Solution for you