SOC2: How do you trust your service provider?

By Milan Khan

R3’s customers in regulated industries require secure and highly available services that process data with integrity to maintain confidentiality and privacy. We currently support enterprise customers through our 24×7 customer support, blockchain application firewall, Hardware Security Module (HSM) integrations and compliance with industry-wide information security standards. 

To further our enterprise commitment, we are excited to share the successful completion of Type 1 SOC 2 examination for Corda Network and its Notary Service. Corda customers can now connect their Corda node to a business network running on the Corda Network with the assurance that the underlying infrastructure and services are designed using a rigorous set of security controls.

Service Organization Controls (SOC) reports are prepared by independent auditors and based on the globally recognized Trust Services Principles and Criteria framework, developed by the American Institute of Certified Public Accountants (AICPA).

To pass a Type 1 SOC 2 examination, a service organization must describe and demonstrate the suitability of the design of their controls to provide assurance they can meet the trust services criteria. A Type 1 examination is a point-in-time audit of the design of those security controls. Our next goal is to work toward the Type 2 SOC 2 examination; this requires evidence of controls operating over a period of time.

R3’s SOC 2 certification is independent validation of our continuing commitment to enterprise-grade products and services.