Gemini Passes AICPA-Recognized Security Audit, ‘A World’s First’ in Crypto

Colin Muller

The New York-based Gemini exchange has today successfully passed a service industry standard security audit, known as the SOC 2 (Type 1) Report - claiming that it is the first platform in the cryptoasset industry to do so. Gemini assert that they will undergo the security examination every year in order to “demonstrate our ongoing commitment to safeguarding [customers’] data and cryptocurrency,” and also to complete the second part of the audit (Type 2) during 2019.

The audit was accomplished by the Deloitte & Touche LLP company (or just "Deloitte"), one of the four largest professional services companies in the world.

Great - What’s That?

SOC Report is short for “System and Organization Controls Report,” part of the “Statement on Standards for Attestation Engagements #16” (SSAE 16). These are security standards developed by the American Institute of Certified Public Accountants or AICPA to ensure security of sensitive information stored by third parties.

This infotech standard essentially exists because of the rise of cloud computing, and its increasing usage in the last decade. Cloud computing and outsourcing of data services has proven far cheaper and easier for most companies than constructing the same sort of plumbing in-house. But, doing it in-house also allows for a much more rigorous oversight and control of security standards, which is obviously lost when outsourcing.

Thus, storing sensitive data on third party servers has given rise to a “marketplace demand for assurance regarding the confidentiality and privacy of  information processed by a service organization’s system,” according to Aicpastore.com.

As stated, Gemini have passed the “Type 1” version of the SOC 2. Type 1 is, according to Atlantic.net, meant to “evaluate whether proper controls are in place at a specific point in time.” Type 2, which Gemini plan to complete this year, is conducted “over a period of time to verify operational efficiency and effectiveness of the controls.”

Dissenting Opinions

It is interesting to note that a recent security audit of cryptoasset exchanges by the website IcoRating.com graded Gemini rather poorly relative to other exchanges. As CryptoGlobe reported at the time, the Bitlicense-approved exchange ranked 84th out of 135 top exchanges, getting poor marks on Domain Security, Web Security, and DoS Attack Protection.

CryptoGlobe also recently reported on Gemini’s new advertisement campaign, conveying to New Yorkers that “investors coming into cryptocurrency deserve the exact same protections as investors in more traditional markets,” and claiming Gemini’s role as a “bridge” between the two, according to Gemini head of marketing Chris Roan.