Nexo completes third consecutive SOC 2 & SOC 3 audits

Aug 012 min read

123

At Nexo, safeguarding client data and upholding trust through operational excellence are core to our mission. We’re proud to announce that we have successfully completed our SOC 2 Type 2 and SOC 3 Type 2 audits for the third consecutive year — a key milestone that reflects the strength and consistency of our internal controls.

A sustained commitment to security, confidentiality and privacy

Achieving these attestations year after year highlights our ongoing dedication to the highest industry standards. Nexo’s SOC 2 and SOC 3 compliance is built on three core pillars: Security, which safeguards systems and data from unauthorized access or breaches; Confidentiality, which ensures sensitive information is protected from unauthorized disclosure; and Privacy, which governs how we collect, use, retain, and dispose of personal data in accordance with Nexo’s policies and global frameworks such as GDPR and CCPA.

What are SOC 2 and SOC 3 reports?

The System and Organization Controls (SOC) framework, developed by the American Institute of Certified Public Accountants (AICPA), sets the standard for assessing an organization’s internal controls related to data protection and privacy.

SOC 2 and SOC 3 reports are issued by independent auditing firms and evaluate how companies design and operate their systems to safeguard sensitive information. For the third year in a row, Nexo’s audits were conducted by A-Lign, a leading cybersecurity and compliance firm.

Why this matters for our clients and partners

  • Independent assurance: These attestations offer credible, third-party validation that Nexo’s infrastructure, controls, and processes meet rigorous industry standards.
  • Operational transparency: Clients and partners can trust that our systems are continuously monitored and tested, with each audit spanning multiple months.
  • Onboarding confidence: SOC compliance gives institutional and enterprise clients confidence that Nexo meets the due diligence standards required in regulated environments.
  • Data stewardship: Our comprehensive scope — including Security, Confidentiality, and Privacy — reflects our commitment to protecting client data at every stage.

Continuous improvement by design

SOC 2 and SOC 3 compliance is not a one-off achievement — it’s an ongoing process of improvement, coordination, and oversight. Each audit cycle provides insights that help us refine our operations and evolve our control environment.

This year’s renewal is not just a certification milestone — it’s a reflection of our maturing infrastructure and our continued effort to set a high bar for data protection and governance in the digital asset space.