CoinSpot, one of Australia’s top cryptocurrency exchanges by trading volume, says its security systems have been given the International Organization for Standardization (ISO) stamp of approval.
CoinSpot is the first cryptocurrency exchange in Australia to receive an ISO information security accreditation. The platform now has a user base topping one million, according to its own figures.
To meet the ISO/IEC27001 standard, CoinSpot was required to complete an external audit undertaken by SCI Qual International, an accredited Joint Accreditation System of Australia and New Zealand certification body.
ISO 27001 was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system. It uses a top-down, risk-based approach and is technology-neutral. The specification defines a six-part planning process:
- Define a security policy.
- Define the scope of the ISMS.
- Conduct a risk assessment.
- Manage identified risks.
- Select control objectives and controls to be implemented.
- Prepare a statement of applicability.
The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation.
“There are inherent risks in keeping assets stored in exchanges as the history of the industry will attest and this ISO certification provides evidence of the hard work and continued effort of our team to protect our customers,” said Russell Wilson, founder of CoinSpot.
SCI Qual conducted an in-depth investigation into the exchange’s Information Security Management processes and practices. This includes processes relating to the management of; digital asset storage, information relating to employees, contractors, suppliers, clients, products, processes, and intellectual property. These stringent policies are designed to eliminate unauthorised access, use, destruction, modification or closure of the organisations information management systems.
The insurance policies laid out by SCI Qual are supposed to improve safety by eliminating unauthorised entry corresponding to through hacking, in addition to destruction, alteration or closures of the group’s data administration programs.