Crypto.com has been certified with ISO 27017 for security in the cloud and ISO 27018 for privacy in the cloud, as audited by SGS, an internationally recognized certification body.
These two certifications, both firsts for a digital asset platform, demonstrate Crypto.com’s focus on the security of cloud services for users and its commitment to ensuring that customers’ personal data is processed securely.
“Security and privacy remain our focus, especially as we scale our services globally by leveraging cloud infrastructure,” said Jason Lau, CISO at Crypto.com. “These recent certifications are a testament to our industry leadership and ongoing commitment.”
ISO 27017 is a cloud-specific security standard that provides guidelines for information security controls applicable to the delivery and use of cloud services. It ensures that the certified organizations provide a more secure cloud-based environment to reduce the risk of security issues and comply with Information Security Management System (ISMS) certification.
ISO 27018 is the first international standard for data protection in the cloud. There are privacy-specific guidelines for organizations that act as privacy data processors and controllers to improve information security by assessing risks, setting goals, and implementing security controls to protect personally identifiable information (PII) in public clouds.
Crypto.com’s implementation of Information Security Management System (ISMS), Privacy Information Management System (PIMS) and Business Continuity Management System (BCMS) is audited at least annually by external certification bodies to ensure ongoing compliance with multi-ISO norms.
“Security and privacy are cornerstones of our commitment to our 80 million users around the world,” said Kris Marszalek, CEO of Crypto.com. “We will continue to invest in ensuring the highest standards of security and privacy.”
Crypto.com has already been successfully certified as the first virtual asset platform to achieve ISO 27001 (Information Security Management System) and ISO 27701 (Privacy Information Management System) certifications in 2019 and 2020 respectively, and ISO 22301 Business Continuity Management in 2021 and compliant with the NIST Cybersecurity and Privacy Frameworks.