SINGAPORE, 31 AUGUST 2022 — Amber Group, a leading global digital asset company, announced today that it has successfully completed the external attestation of its security controls and processes according to Service Organization Control (SOC) 2 Type II. This was independently carried out by Deloitte and involves a thorough review and approval of Amber Group’s security controls, and follows the company’s successful SOC 2 Type I attestation earlier this year. This milestone firmly establishes Amber Group as one of the most secure and compliant organisations in the digital asset industry.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is an auditing standard that ensures service providers meet a standard degree of control security in areas such as Confidentiality, Privacy and Risk Management and Monitoring of Controls. It has since become the gold standard in many regulated industries.
Having completed SOC 2 compliance, Amber Group now ranks among a limited number of companies which have established robust policies and protocols in accordance with the AICPA Trust Services Criteria relevant to all five principles – Security, Availability, Confidentiality, Processing Integrity, and Privacy – in the scope of the SOC 2 attestation. Most significantly, as part of the SOC 2 Type II attestation, the company has demonstrated its compliance in the use of internal controls in actual management, which was audited in-depth over a longer period of time as compared to SOC 2 Type I.
The attestation validates the operationalisation of internal controls which have been designed and implemented to meet the requirements of key security principles. Amber Group has not only incorporated data security management in its management framework but the company has also implemented the most effective and relevant technologies to ensure data security across key operation touchpoints, which range from data classification, PII encryption & protection, separation of duties and responsibilities, to endpoint security management.
Internal controls were also found to be suitably designed and managed to provide reasonable assurance that its service commitments and system requirements would be achieved based on the applicable trust service criteria. The achievement of SOC 2 Type II compliance therefore underscores Amber Group’s lasting commitment to information security that serves to guarantee institutional grade security controls to safeguard users.
An independent review of security controls has never been more critical to the digital asset industry as the industry renews its focus on regulation and user safeguards. This is compounded by an ever-evolving cybersecurity environment where incidents and attacks continue to evolve and prevail. In response to this increasingly complex landscape, Amber Group voluntarily sought to test the strength of its cybersecurity program through an independent assessment, guided by the US Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
Testing Amber Group’s cyber maturity against the NIST Cybersecurity Framework, a well-established management standard that is recognized as best-in-class in the security industry, the company achieved the highest NIST Cybersecurity Framework tier – Tier 4 – a strong result that is testament to the company’s commitment to integrate cybersecurity awareness and culture into its business operations. Besides a benchmark of its program against the framework, the assessment also identified potential cyber risk which translates into actionable best practices that serves to strengthen the company’s cyber defence and detection capabilities.
“At Amber Group, we are committed to holding ourselves accountable to the highest security and compliance standards that are practised in highly regulated industries. We recognise that security and privacy is at the core of user trust and confidence in digital assets, and we want to continue building trust among users and regulators. Based on a robust multi-layered security strategy, our team will continue to invest capital and technological investment to develop a trusted platform for all our users. Regular audits are integral in our endeavour to constantly challenge ourselves to be the industry gold standard for security and compliance, and we are proud to have completed leading industry assessments that attest to the rigour of our program and systems,” said Amber Group’s Global Chief Executive Officer, Michael Wu.
About Amber Group
Amber Group is a leading digital asset platform operating globally with offices in Asia, Europe, and the Americas. The firm provides a full range of digital asset services spanning investing, financing, and trading. Amber Group is backed by prominent investors including Sequoia, Temasek, Paradigm, Tiger Global, Dragonfly, Pantera, Coinbase Ventures, and Blockchain.com.