The Armanino Trusted Node service has been designed from inception to be a "compliant" service, with a robust and auditable control environment. This Service, and the associated people, process and technology, are audited by a third-party independent accountant under the American Institute for Certified Public Accountant’s (AICPA) System and Organization Controls (SOC) reporting standard. We subject this system to third-party audit to provide users necessary comfort that we have controls in place which are suitably designed to meet the SOC 2 criteria.
Our compliance program has been launched.
Explore the SOC criteria and Control Objectives that form the foundation of our compliance program.
Compliance Program Criteria & Objectives (SSAE18 Reporting)
Armanino has placed controls into operation to meet SOC 2 criteria for Security, Availability, Confidentiality and Processing Integrity. We have identified other specific control objectives that relate to offering a robust and reliable data service that auditors can actually rely on for audit testing. We have included information on those criteria and control objectives to give transparency to our program. When our SOC 2 reporting is available from an independent audit firm, we will share that with authorized users of our Trusted Node services upon request. The 2017 AICPA SOC 2 Criteria are organized as follows.
Below are selected control objectives against which we have enacted controls. For any questions on the compliance program, feel free to contact us.
Entity Level Controls
The Entity demonstrates a commitment to integrity and ethical values; and, Management establishes structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of the organization's objectives.
Account Setup and Modification
Data Integrity of System Inputs & Node Synchronization
Controls provide reasonable assurance that source and/or network inputs (including on-chain and off-chain data for transactions, files, account balances, blockchain data, and data received via API call) are received, processed, and/or appended completely and accurately.
Data Processing, Storage & Monitoring
Controls provide reasonable assurance that both on-chain and off-chain data is parsed, written, and stored completely and accurately to an underlying data structure that is continuously monitored.
External Reporting & Data Accessibility
Controls provide reasonable assurance that reporting from the TrustExplorer suite of applications is provided to users timely, completely, and accurately.
Controls provide reasonable assurance that logical access to corporate applications, production servers, storage media, and other critical infrastructure supporting the TrustExplorer suite of applications is restricted to authorized users.
Controls provide reasonable assurance that physical access to corporate locations, production servers, storage media, and other critical infrastructure supporting the TrustExplorer suite of applications is restricted to authorized users.
Controls provide reasonable assurance that changes to TrustExplorer and its supporting systems are properly authorized, tested, approved, implemented and documented.
Data Retention & Management
Controls provide reasonable assurance that timely and periodic data backups are performed and the associated restore process is tested, access to backup data is properly restricted, and offsite backups are maintained.
Controls provide reasonable assurance that systems are configured and maintained to ensure high system availability.
Security, Data Transmission & Continuous Monitoring
Information security controls provide reasonable assurance that data within the TrustExplorer system is protected from unauthorized use, modification, addition or deletion; data transmission outside the TrustExplorer platform is protected by encryption; and, such controls are monitored for effective operation.