We’re pleased to announce that we have successfully completed a clean SOC 1 Type 1 report, in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA), and achieved SOC 2 Type I compliance in accordance with AICPA standards for SOC for Service Organizations, also known as SSAE 18.
Achieving this standard with an unqualified opinion serves as third-party industry validation that First Digital Trust Limited provides enterprise-level security for customers’ data secured in the First Digital Trust Limited System.
Right from the start, First Digital has focused on keeping our data and our clients safe and secure. We’ve always sought to be compliant with the highest standards for enterprise security data, and we will continue to do so.
Here’s what SOC 1 and 2 are and what they mean for First Digital Trust and our clients.
What is SOC 1?
SOC stands for System Organization and Controls. SOC 1 evaluates an organization’s internal controls relevant to its customers’ financial statements. It’s a measure of the reliability and accuracy of an organization’s financial reporting, and it’s sufficiently stringent that it’s regarded as the only form of evidence that a company is compliant with the requirements of the Sarbanes-Oxley Act 2017 (SOX).
SOC 1 audits are performed in compliance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16).
How do you get SOC 1 certified?
SOC 1 audits are performed by Chartered Public Accountants or accounting firms with specializations in the area served by the company being audited.
What is SOC 2?
SOC 2 is an auditing procedure that tests an organization’s efficacy against five “trust service principles”: Privacy, Availability, Confidentiality, Processing Integrity, and Security.
SOC 2 isn’t a set of rules that you have to follow to qualify. It’s an evaluation of the ability to set up processes that align with the trust service principles. It’s also entirely voluntary, so if you see a company with SOC 2 certification, it means they went out of their way to have their data processing and storage tested to make sure it was up to the highest standards in the industry.
How do you get SOC 2 certified?
SOC 2 certification can only be gained after an audit by a Chartered Public Accountant or an accounting firm. Guidelines on how such audits are to be performed are laid out by the American Institute of Chartered Public Accountants (AICPA), which has established professional standards to regulate the work of SOC auditors. All AICPA audits must also be peer-reviewed.
SOC 2 compliance is based on more than just a simple set of rules, but this brief checklist illustrates some of what’s tested:
- Access controls: Are there logical and physical restrictions on assets, preventing access by unauthorized staff and others?
- Change management: Is there a controlled process in place for managing changes to IT systems and preventing unauthorized changes?
- System operations: Are ongoing operations monitored to detect and resolve deviations from organizational procedures?
- Risk mitigation: Does the organization have methods to identify, respond to and mitigate risks, while addressing subsequent business — and does it apply them?
Processing integrity, including adequate encryption, is also addressed. SOC 2 audits are comprehensive and in-depth.
Why does First Digital have both?
First Digital Trust has both SOC 1 and SOC 2 certification because we are both a financial and a digital company. We therefore need to make sure our financial reporting is conducted to the highest standards and that all our clients know that. We also need to make sure that our data management is similarly excellent, so we need both.
What do these certifications mean for First Digital customers?
We work with businesses, sovereign wealth funds, and high net worth individuals who rely on us to keep their assets safe and secure. They need to know that we’ll keep their data equally secure — it’s one of their most important assets, after all. (In the case of digital assets the two are practically synonymous.)
Our SOC 1 certification is your warranty of financial probity. Our SOC 2 certification is evidence that we take your data just as seriously.
Any organization that wants to maximize the value of its data needs to establish a secure process for working with it. This includes thoroughly evaluating any vendor that will be required to store and manage data, whether that’s for data hosting, business intelligence, or more advanced analysis.
“Earning the SOC 1 & 2 certification demonstrates our commitment to our customers’ security and privacy. We believe it is imperative to have the highest level of security in our role, safeguarding the valuable digital assets that we have been entrusted with. We will continue to prioritise this going forward, investing in technological innovation and refining processes, putting security and regulatory compliance at the forefront of our service and product offering.” - Vincent Chok, CEO