Safeheron Achieves SOC 2 Type II Certification, Data Security System Further Recognized


Safeheron, an open-source digital asset MPC self-custody solution provider, announces the attainment of SOC 2 Type II certification for data security and privacy standards. The achievement provided by Deloitte, a leading global provider of audit and related services, verified if the design and implementation of security processes and controls are in line with compliance, evaluating the effectiveness of Safeheron's security system, controls, etc. over time.

Attaining the SOC 2 Type II certification further demonstrates Safeheron's capabilities in transparency, security reliability, and its commitment to safeguard user data security and privacy. Safeheron ensures the protection of customer data from unauthorized access, maintaining system security, user information confidentiality, and privacy.

Q & A

What is evaluated by SOC 2 Type I and Type II certification respectively?

​​SOC 2 Type I Report: The Type I report primarily focuses on a one-time assessment of the effectiveness of an organization's information security controls. This report covers only a specific point in time, usually an audit date, to verify whether the security controls comply with the SOC 2 criteria at that point, providing information on whether the organization's information security controls are well-designed and can be implemented properly.

SOC 2 Type II Report: The Type II report covers a longer audit period, requiring not only verification of the design and existence of information security controls but also evaluation of the effectiveness of these controls during the audit period. This means that auditors will conduct continuous monitoring and testing throughout the audit period to ensure the security controls can effectively protect customer data continuously.

What is the process of SOC 2 Type II audit?

Safeheron's SOC 2 Type II audit adopts an on-site auditing approach.

The SOC 2 examination includes inquiry, observation, inspection, and re-performance. During the SOC 2 Type II audit, the controls are evaluated from the perspectives of control design, implementation, and operational effectiveness during the testing period. Safeheron will provide evidence during the audit period and accept random inspections. Deloitte conducts sampling based on the guidelines of AICPA and the requirements of SSAE 18, evaluating the effectiveness of operating controls.

What preparations has Safeheron made for the SOC 2 Type II audit?

Safeheron’s Chief Information Security Officer (CISO) and his team have built a security control system that meets SOC 2 criteria through gap assessment, risk assessment, the regulation of relevant policy processes, and other measures.

SOC 2 Type II audit verifies Safeheron's sustained effectiveness in the security control system.

What Safeheron Has Prepared

What challenges are typically faced during a SOC 2 Type II audit? What problems did Safeheron encounter in this process, and how were they resolved?

SOC 2, as a universally recognized gold standard for the internal information security control system for enterprises, its criteria evaluation and audit also apply to the burgeoning blockchain security industry.

However, blockchain security practitioners first need to assist auditors in understanding their own business and technology adoption, such as Safeheron assisting auditors comprehensively in understanding blockchain security, its technology adoption, and business development, in the early stages of SOC 2 audit, alongside Safeheron's own business development and technological adoption.

Such as

  • Differences between blockchain security and traditional industry security.

  • How Safeheron delves into blockchain security.

  • How Safeheron employs proprietary MPC+TEE technology to secure user assets.

  • How Safeheron's self-custody services and wallet-building services for institutional clients ensure client business security while facilitating client business development.

For companies undergoing SOC 2 Type II audit, who have already established a security control system conforming to criteria during the SOC 2 Type I audit, challenges may include the following:

During preparation, companies may need to adjust and improve their existing security controls to ensure compliance with SOC 2 criteria and effective operation. This might require redesigning security processes and allocating more resources to implement new controls.

Safeheron has been building and continuously improving its internal security system since its inception. Advancing SOC2 Type II certification has also helped us to identify and fill gaps, optimize existing measures, customize the required security designs as per the situation, and continuously verify the effective implementation of internal security measures.

For more information about SOC 2 certification, you can browse through Safeheron Attains SOC 2 Type I Certification, Adhering to the Highest Standards of Data Security.


Achieving SOC 2 Type II certification is not only a high recognition of Safeheron's always-practiced data security system but also a best practice in continuously optimizing existing security management and data protection systems.

Our proprietary MPC+TEE self-custody security technology effectively encrypts and protects user data and privacy from unauthorized access and tampering, accompanied by comprehensive security measures, and continuous optimization, achieving a highly feasible and highly reliable internal security system through "Technology + Compliance". The SOC 2 Type II certification is now a robust testament to Safeheron's comprehensive, continuous, and effective maintenance of system security, user information confidentiality, and privacy.

Safeheron will not stop here; we will continue to impose high-standard requirements on ourselves, continually advancing industry-recognized security compliance certification and implementing reliable security measures. By integrating knowledge with action, Safeheron ensures to provide safer and more reliable digital asset self-custody services for all users.

Last updated