Compliance

The Armanino Trusted Node service has been designed from inception to be a "compliant" service, with a robust and auditable control environment. This Service, and the associated people, process and technology, are audited by a third-party independent accountant under the American Institute for Certified Public Accountant’s (AICPA) System and Organization Controls (SOC) reporting standard. We subject this system to third-party audit to provide users necessary comfort that we have controls in place which are suitably designed to meet the SOC 2 criteria.

Read More

Our compliance program has been launched.

Explore the SOC criteria and Control Objectives that form the foundation of our compliance program.

SOC 2, Type I Audit & Report
To be completed June 2020
SOC 2, Type II Audit & Report
To be completed November/December 2020
Ongoing Audits
To be completed annually at year-end

Compliance Program Criteria & Objectives (SSAE18 Reporting)

Armanino has placed controls into operation to meet SOC 2 criteria for Security, Availability, Confidentiality and Processing Integrity. We have identified other specific control objectives that relate to offering a robust and reliable data service that auditors can actually rely on for audit testing. We have included information on those criteria and control objectives to give transparency to our program. When our SOC 2 reporting is available from an independent audit firm, we will share that with authorized users of our Trusted Node services upon request. The 2017 AICPA SOC 2 Criteria are organized as follows.

Image placeholder

Below are selected control objectives against which we have enacted controls. For any questions on the compliance program, feel free to contact us.

The Entity demonstrates a commitment to integrity and ethical values; and, Management establishes structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of the organization's objectives.

Controls provide reasonable assurance that client admin and client user accounts are established and/or modified within the TrustExplorer suite of applications completely, accurately, timely, and in accordance with TrustExplorer's then effective Terms of Use.

Controls provide reasonable assurance that source and/or network inputs (including on-chain and off-chain data for transactions, files, account balances, blockchain data, and data received via API call) are received, processed, and/or appended completely and accurately.

Controls provide reasonable assurance that both on-chain and off-chain data is parsed, written, and stored completely and accurately to an underlying data structure that is continuously monitored.

Controls provide reasonable assurance that reporting from the TrustExplorer suite of applications is provided to users timely, completely, and accurately.

Controls provide reasonable assurance that logical access to corporate applications, production servers, storage media, and other critical infrastructure supporting the TrustExplorer suite of applications is restricted to authorized users.

Controls provide reasonable assurance that physical access to corporate locations, production servers, storage media, and other critical infrastructure supporting the TrustExplorer suite of applications is restricted to authorized users.

Controls provide reasonable assurance that changes to TrustExplorer and it's supporting systems are properly authorized, tested, approved, implemented and documented.

Controls provide reasonable assurance that timely and periodic data backups are performed and the associated restore process is tested, access to backup data is properly restricted, and offsite backups are maintained.

Controls provide reasonable assurance that systems are configured and maintained to ensure high system availability.

Information security controls provide reasonable assurance that data within the TrustExplorer system is protected from unauthorized use, modification, addition or deletion; data transmission outside the TrustExplorer platform is protected by encryption; and, such controls are monitored for effective operation.