Nexo's Security Certificates Explained: Securing the Present and Future of Digital Assets

Apr 173 min read

In the fast-evolving landscape of digital assets, security stands as the cornerstone of trust and reliability. Nexo, a leading institution in this domain, has consistently demonstrated its resolute commitment to security and privacy through a series of significant achievements and certifications.

The certificates acquired by Nexo are not just badges of honor. They are a testament to our rigorous standards, sophisticated security practices, and a forward-looking approach towards safeguarding our platform and users against various cyber threats. As we delve deeper into the specifics, we'll uncover the unique aspects and importance of each certification, highlighting how they collectively contribute to establishing Nexo as a paragon of security and trust in the digital asset industry.

ISO 27001, ISO 27017, and ISO 27018 Certifications

Nexo's security and privacy protocols have received a significant endorsement with the prestigious ISO 27017 and ISO 27018 certifications, adding to its existing ISO 27001 standards. These certifications, granted by RINA, underscore Nexo's comprehensive commitment to securing client data, enhancing cloud security, and ensuring privacy in the digital age.

  • ISO 27001: This standard outlines the requirements for an Information Security Management System (ISMS), providing a systematic approach to managing sensitive company information, and ensuring its confidentiality, integrity, and availability.
  • ISO 27017: Focusing specifically on cloud services, this standard offers guidelines for implementing and maintaining effective information security controls within cloud computing environments.
  • ISO 27018: Tailored for cloud privacy and personally identifiable information (PII) protection, this standard assists organizations in addressing privacy concerns when processing personal data in the cloud, establishing guidelines for data controllers and processors.

Cloud Security Alliance's STAR Level 1 Certification

In our continuous efforts to bolster security measures, Nexo received the Cloud Security Alliance (CSA) STAR Level 1 certification, marking a significant advancement in our security infrastructure. This certification serves as third-party validation of our firm commitment to stringent security principles and transparent operational practices. It reinforces our dedication to safeguard client data amidst the evolving landscape of cloud computing services and security standards. 

Obtaining the CSA STAR Level 1 certification involved a rigorous process, including adopting the CSA's Cloud Controls Matrix (CCM) and GDPR Code of Conduct, and completing a comprehensive self-assessment with 261 detailed questions. This assessment was subsequently verified by an external authority through the CSA Cloud Controls Matrix, ensuring compliance with industry-recognized standards. The attainment of the CSA STAR Level 1 certification not only aligns Nexo with industry leaders in adopting best practices but also sets a notable benchmark in the global digital asset sector.

SOC 2 Type 2 Audit

The completion of the Service and Organization Controls (SOC) 2 Type 2 Compliance audit is a significant milestone when it comes to elevating cybersecurity standards on the platform. This thorough examination, led by A-LIGN, a respected cybersecurity firm, scrutinizes Nexo's data handling and access procedures. The audit assesses how Nexo implements controls to mitigate risks across its operations. 

Unlike the Type 1 evaluation, which provides a snapshot of security controls at a specific time, Type 2 delves deeper, evaluating their effectiveness over time. This report underscores Nexo's proactive approach to cybersecurity, ensuring clients' sensitive data receives the utmost protection.

In conclusion, Nexo's security achievements represent not only milestones in its journey but also a reaffirmation of its commitment to setting unparalleled standards in security and transparency within the digital assets space. As the digital landscape continues to evolve, Nexo stands ready to adapt and innovate, ensuring the security and trust of its rapidly growing international clientele.