After months of incredibly hard work by our security team, we’re proud to announce that Fortmatic has successfully completed its SOC 2 Type 1 security audit performed by A-LIGN — making us the world’s first web3 authentication provider to demonstrate this level of security compliance in safeguarding user funds and data.
Fortmatic strives to bring mainstream adoption to web3 decentralized applications by eliminating the need for users to install any third-party software or write down recovery seed phrases before even getting started, instead letting them access and spend cryptocurrency with these applications using their phone number and PIN code — web 2.0 style. Doing this requires a huge commitment from Fortmatic to trust and security. On top of air-tight security architecture, we’ve also developed intensive processes and diligence around confidentiality, risk mitigation, and business continuity — all enforced by the criteria of SOC 2 audits.
SOC 2 audits are not new to the crypto ecosystem. SOC 2 is, in fact, a rigorous security compliance standard that has been adopted by industry leaders such as Gemini, Coinbase, and BitGo. On top of completing our SOC 2 audit, we also conduct regular white-box and black-box penetration tests, have integrated with PhishFort to fight against phishing attacks, and are moving forward with preparing for our SOC 2 Type 2 audit to further validate our security controls.
We’re still a startup, and we’re working around the clock both to deliver quality products and to build and communicate trust with users and developers. We’re kicking off the process with this SOC 2 announcement, and will be sharing more content in upcoming articles, such as on our security architecture.
If you would like to report a vulnerability or have a security concern regarding our user-facing and developer-related services, SDK, API, infrastructure, and architecture, etc., please e-mail firstname.lastname@example.org