close
close

OKX Achieves SOC 1 Type 2 Compliance for Institutional Client Data and Asset Protection

OKX Achieves SOC 1 Type 2 Compliance for Institutional Client Data and Asset Protection

OKX, a leading crypto exchange, today announced that it has achieved System and Organization Controls (SOC) 1 Type 2 compliance, meeting the highest global standards for protecting institutional client data and assets.

The SOC 1 Type 2 exam was administered under strict guidelines set by the American Institute of Certified Public Accountants (AICPA). Successful completion of this exam by OKX assures institutional clients that the policies and processes in place to protect their data are effective and compliant with best practices.

OKX’s key policies and processes for protecting customer data and assets include:

  • Advanced encryption technologies and strict access control procedures
  • Monthly Proof of Reserves reporting, confirming that client funds are covered 1:1
  • A comprehensive incident response plan, enabling OKX to respond quickly and effectively to potential security breaches
  • Regular training of employees on security practices
  • Strict backup and recovery processes that ensure data integrity in the event of a system failure
  • An independent auditor has conducted the SOC 1 Type 2 examination of OKX for its Bahamas entity (OKX Bahamas FinTech Company Limited) for the period from January 1, 2024 to March 31, 2024.

Mauricio Beugelmans, Chief Legal Officer of OKX, said: “Our successful completion of the internationally recognized SOC 1 Type 2 exam underscores our continued commitment to providing a reliable, trusted trading platform for our customers. We are proud to align ourselves with global best practices to protect customer data and assets. As we continue to enhance our security and transparency, we will continue to engage independent, third-party auditors to assess our security measures.”

OKX also announced on September 20, 2023 that it has achieved SOC 2 Type 2 certification. This demonstrates OKX’s continued commitment to the management of its services, the management of sensitive data, and the protection of data privacy.