BitGo accepted a SOC 2 Type 2 certification which is actually a standard security audit performed by an outside monitor. Then the Gemini exchange received a SOC 2 Type 1 certification from ‘’Big Four’’ auditor Deliotte. But BitGo claims to be the first one to receive the certification. The company is working properly and legitimized are proved by the certification. Customers will get aware of who audit the company through this. But BitGo would not say which audit firm directed the Type 2 teat, then again actually it is one of the supposed Big Four.
Subsequent step up
There are some basic distinction between Type 1 and Type 2 exam actually. Type 1 refers to the security established by a company whereas Type 2 just checks it out that whether the company abide by its rules and regulations. A service auditor needs to obtain written representations from the company’s management with the description of the company’s system. In case of type 2, a statement is also required whether these controls were operating properly at a point in time.
Work of Eight Months
To complete Type 2 audit it took eight months to the auditors and they monitored staffs of BitGo and entered building and data center BitGo is utilizing. They tried to know about employees have their access removed in a timely fashion, changing in system, key management process and also about major parties they have relation with. Professional audits of security management is needed for the industry to mature.