Crypto.com, the cryptocurrency payment platform, has announced that it is one of the first fintech companies to receive ISO/IEC 27701:2019 privacy certification after a number of third-party audits.
On June 2, it has been reported in an announcement that the “Gold standard” certification aims to strengthen the company’s strategy — “Defense in Depth” as it highlights policy implementation guidelines for data protection with regard to personally identifiable information (PII) within the organization.
However, the certification was granted by SGS, leading inspection verification and certification firm that has over 2,600 offices worldwide.
Jason Lau, the Chief Information Security Officer of Crypto.com, praised the announcement and explained:
“It also ensures that we have a privacy information management system in place to continuously improve data privacy in the company’s day-to-day operations, through to how we build products for our customers. Security and privacy have been core pillars since day one.”
“It is not a matter of if you will be hacked but when.”
Lau further stated:
“(…) We need to work under the mantra of ‘assume breach,’ meaning organizations should assume that they are already breached, and there is an attacker inside their systems and staying under the radar to perform reconnaissance. This is one of the phases of the typical Cyber Attack Kill Chain.”
Likewise, Lau believes that its strategy uses the “highest standards” of security and privacy, as they claim to match the level of the traditional banks.
“When cryptocurrency regulation becomes more widespread, we will be in a strong position to continue to grow and expand. As you may have seen with all the crypto exchange hacks, the industry desperately needs more focus into cybersecurity and data privacy, and my goal is to lead by example at Crypto.com so others may follow.”
Thus, the company’s privacy risks and controls were examined against the ISO / IEC 27701: 2019 standard, as it also examined whether Crypto.com has put in place a privacy information management system to help mitigate privacy risks.