Crypto.com has been certified with ISO 27017 for security in the cloud and ISO 27018 for privacy protection in the cloud as audited by SGS, an internationally-recognized certification authority.
These two certifications, both firsts for a digital asset platform, demonstrate Crypto.com’s focus on cloud service security for users and its commitment to ensure customers’ personal data are processed securely.
“Security and privacy continue to be a core focus for us, particularly as we scale our services globally through the use of cloud infrastructure,” said Jason Lau, CISO at Crypto.com. “These most recent certifications are a testament to our industry leadership and continued commitment.”
ISO 27017 is a cloud-specific security standard that provides guidelines for information security controls applicable to the provision and the use of cloud services. It ensures that the certified organizations are providing a more safe and secure cloud-based environment to reduce the risk of security problems and to comply with information security management system (ISMS) certification.
ISO 27018 is the first international standard for cloud privacy. It gives privacy-specific guidelines to organizations who are acting as privacy data processors and controllers to enhance information security by assessing risks, establishing objectives and implementing security controls for protecting personally identifiable information (PII) in public clouds.
Crypto.com’s implementation of its Information Security Management System (ISMS), Privacy Information Management System (PIMS), and Business Continuity Management System (BCMS) are audited at least once a year by third-party certification bodies to ensure continued compliance with multi-ISO standards.
“Security and privacy are foundational pillars of our commitment to our 80 million users around the world,” said Kris Marszalek, CEO of Crypto.com. “We will continue to invest in ensuring the highest standards for safety, security and privacy.”
Crypto.com was already successfully certified as the first virtual asset platform to achieve ISO 27001 (Information Security Management System) and ISO 27701 (Privacy Information Management System) certifications, and in 2019 and 2020 respectively and ISO 22301 Business Continuity Management in 2021, as well as conforming to the NIST Cybersecurity and Privacy Frameworks.