Kaleido has received a report from the first SOC 2 Type 2 examination of controls for our SaaS platform. The report attested to the effectiveness of our controls in accordance with the Trust Services Criteria for Security, Availability, and Confidentiality.
The examination was conducted by A-LIGN Assurance in accordance with the American Institute of Certified Public Accountants (AICPA) attestation standards and assurance standards issued by the International Auditing and Assurance Standards Board (ISAE 3000), so it can be relied on by both US and international customers.
Kaleido’s mission is to accelerate the adoption of enterprise blockchain. That means bringing radical simplicity to a technology that is notoriously difficult to use. It also means everything we do is enterprise grade. We’ve been investing in security and compliance since day one.
SOC 2 Type 2 is a critically important set of standards often required by our enterprise customers in order to trust a SaaS provider. We’ve built Kaleido to serve enterprises with sensitive data and in regulated industries, and SOC 2 is the cornerstone for security compliance.
Our Control and Compliance Journey
Kaleido has been committed to enterprise-level security, availability, and confidentiality from the beginning, even before our public launch in 2018. Our compliance journey focused on adoption of widely accepted standards and compliance frameworks so customers can be assured that protection of their data, and of our system that they rely on, is built on a solid foundation.
ISO 27001 Certification
The first major milestone on this journey was achieved in 2019 and certified soon after. In January of 2020, Kaleido became a certified provider whose Information Security Management System (ISMS) received accreditation from the International Standards Organization under ISO 27001. This also included controls from the ISO 27017 and 27018 frameworks for Cloud Computing Security and Protection of Personally Identifiable Information.
SOC 2 Trust Services
We then set our sights on our next major milestone: SOC 2 compliance. Kaleido considered each of the AICPA’s “points of focus” for Security, Availability, and Confidentiality and added controls to our existing ISMS in order to address the applicable Trust Services Criteria.
After designing the new SOC 2 controls, we put them into effect and began looking forward to proof of reaching this milestone. That proof came in December 2020 with completion of the SOC 2 Type 2 examination.
Kaleido chose a Type 2 examination and selected a six-month period so our customers can feel confident that we’ve not only published good policies, but we’ve made effective control over security, availability, and confidentiality an integral part of how we manage Kaleido every day.
Kaleido’s Security and Compliance Commitment
Kaleido’s commitment to enterprise-level security, availability, and confidentiality is in our DNA and it’s driven by our desire to accelerate enterprise adoption of blockchain. We want all our customers to feel secure in their selection of Kaleido.
We also know many of our customers have their own vendor risk management controls that are most easily met when they partner with service providers having widely-recognized certifications and auditor attestations. Kaleido’s largest, most security-conscious customers can rely on our commitment to security and compliance.
Our Journey Goes On
Kaleido’s control and compliance journey goes on, and we regularly assess the ever-growing risks, frequently changing regulations, and constantly evolving best practices.
As we strive for continuous improvement, we consider investments in other control frameworks and certifications that will be most meaningful to our customers. These are the milestones on which Kaleido has set our sights.