We are thrilled to announce that we have successfully completed the System and Organization Controls (SOC) 2 Type I examination, making Kiln officially SOC 2 Type 1 certified. This qualification assures that the security and privacy of our infrastructure is up to the standard expected by institutional customers. This post explains the results of this audit and what it means for our customers.
Security is key in staking
Staking is the process of allocating a portion of your assets to a blockchain protocol to participate in its security, and earn rewards while doing so. Whether in a pool or running and managing your own validators it is a necessity to consider the levels of protection for your assets. This includes both privacy from external parties, and security from attack.
Without proper maintenance and protection of data, your assets are vulnerable to foreign bad actors and internal mishandling. That is why bigger platforms do all that they can to keep security and data management practices as high as possible. This can be through audits and continued security standard improvement.
When dealing with SaaS platforms to stake your assets, only certification can ensure that you can trust the security coming with the organization. Well-known and solidly founded companies will do everything to keep their user’s interests safeguarded.
As we hold your validator keys, it is especially important to have all precautions put in place for the fortification of assets related to those keys and data therein.
Audits like the SOC2 Type 1 compliance tests are a way of providing this assurance. The process of getting compliant is one that requires a lot of data provision and in-depth testing. Here is all you need to know about this form of compliance reporting.
What is the SOC2 Type 1 compliance test?
The SOC2 is an audit standard that checks the compliance of cloud-based data storage systems. It tests the efficiency of data management of a service provider and the security in storing that data. There are up to five criteria assessed in a SOC2 audit:
- Processing integrity
For our audit, we focused on the Security criteria.
Once concluded, this audit can prove a company’s compliance in managing cloud data. Clients can be sure they are protected both from within and outside the organization. Though SOC testing is voluntary, it is a definitive and trusted audit that has been applied to data security systems since the early 2010s. It was introduced by the American Institute of CPAs and is a high-level qualification that is regarded as a definitive benchmark for data security.
It is important to differentiate between SOC 2 Types 1 and 2. Both audits look at the same criteria but while Type 1 tests the design of a company’s security operations, Type 2 looks at the efficiency of those operations over a six-month period.
SOC 1 is in the same auditing family as the SOC2, however, it looks at the company’s financial situation and reports on this aspect of a company’s profile.
First and foremost, who carries out an SOC 2 Type 1 compliance test? Any licensed and certified public accounting firm can perform this test. Kiln was audited by Prescient Assurance, a leader in security and compliance attestation for B2B SaaS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provides risk management and assurance services which includes but is not limited to SOC 2.
The service provider needs to build a team composed of an executive sponsor and team leads from each department, including HR and sales, as well as technology to overlook these processes. A firm will then usually request that the team complete a questionnaire. This questionnaire will go over things like data security policies, procedures, and IT infrastructure, among others.
After the compliance testers have collected this information, they go about amassing evidence to check practices. At this point, they would begin requesting to see the actual operating processes of handling data and its security within the company. These operations and the internal policies are then considered as a whole.
An evaluation is then drawn up, and any extra information may be requested. Data may then put the operations through penetrative and other forms of testing. This part of the testing will show the extent to which data is protected from external vulnerabilities as well as internal handling.
Should there be any need for any follow-up questions or more requirements for input from the team or owners, this is done after the evaluation. This will ensure that all avenues are taken to verify compliance within SOC 2 reporting. At this point, the evaluation is just about complete.
Finally, an SOC 2 Type 1 report is written up and presented to the requested company. A successful audit and a positive report boosts the profile of a SaaS organization by showing clients that it is compliant with data handling. This can ensure that information supplied to the company is safe and well maintained without ever being shared in an inappropriate manner.
SOC 2 Type 1 and staking
As a staking service provider, it is essential that Kiln keeps its clients’ data out of the hands of bad actors. The data that is maintained by Kiln are most often assets that retain real-world value. For this reason, data security is of the utmost importance. It is for this reason that Kiln has gone through voluntary compliance testing through the SOC 2 Type 1 reporting.
It is now quantifiably clear that assets and client information provided to Kiln at this time is certified compliant and up to standard in security. If you are an institutional user of the Kiln platform, this is good news as it verifies that your data and assets are secure and they are managed with the highest standard of security and compliance.
Kiln does everything necessary to ensure the proper processing and handling of data within the company.
As the leading enterprise-grade staking platform, we provide staking services to a variety of institutional clients and shows their devotion to data security through practices like audits and security maintenance. We are a rock-solid platform in this respect and continues to work to maintain and secure all information that is compiled from customers.
If you are not yet one of our clients and if you are considering joining the platform, this compliance report should help you make that decision. You can rest assured that your data and assets are protected against foreign actors and are handled properly internally.
If you need to stake assets while maintaining the highest standard of security and compliance, request access here to see Kiln in action.
Kiln is the leading enterprise-grade staking platform, enabling institutional customers to stake assets, and to whitelabel staking functionality into their offering. Our platform is API-first and enables fully automated validator, rewards, and commission management.
We are proud to be long-term operators on the Ethereum Beacon chain, running over 8,500 validators on Mainnet and actively participating in #TestingTheMerge.
Want to work with us? We're hiring.