“Gold standard” privacy certification achievement strengthens the company’s Defense in Depth strategy
Crypto.com today announced it has achieved ISO/IEC 27701:2019 certification after rigorous third-party privacy audits, making it one of the first companies in the world, and the first FinTech and cryptocurrency company, to achieve this coveted privacy certification.
ISO/IEC 27701:2019 is a milestone in privacy risk management, as the world’s first standard outlining privacy implementation guidelines for the protection of personally identifiable information (PII) within the organization. The audit was conducted by SGS, a leading inspection, verification and certification company recognized globally, with over 2,600 offices around the world.
Considered the new standard for data privacy, ISO/IEC 27701:2019 specifies the requirements for establishing, implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS). It also includes requirements for the assessment and treatment of information security risks specific to the needs of the organization.
Companies determine the scope of third-party security audits, which can be as wide or as narrow as they choose. SGS’ company-wide audit of Crypto.com covered multiple departments, functions and products, including the Crypto.com App. The company’s privacy risks and controls were examined against the ISO/IEC 27701:2019 standard, and the audit assessed whether the company has put in place a privacy information management system that helps to mitigate privacy risks. This certification is an extension of Crypto.com’s existing ISO/IEC 27001:2013 Information Security Management System (ISMS) certification, and it focuses on continuous security and privacy improvements rather than a “point in time audit”. The organization will need to maintain stringent policies, procedures and controls, and a commitment to continuous improvement, in order to retain its certification status.
Jason Lau, Chief Information Security Officer of Crypto.com said, “Rather than focussing on one data privacy regulation, our strategy is to work towards having a global data privacy governance model, allowing us to adapt more readily to changing regional regulations. ISO/IEC 27701:2019 is validation to our employees and our customers that our focus is not just security, but also upholding the privacy rights of individuals, and an organizational-wide commitment towards constantly enhancing our global privacy program. This is yet another milestone for our team as we build trust with our customers and partners during our global expansion. This was truly a company-wide effort.”
The General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Singapore Personal Data Protection Act (PDPA), Personal Data (Privacy) Ordinance (PDPO) and other data privacy laws are just some of the many regulations that are becoming more relevant for organizations around the world, both large and small. Achieving ISO/IEC 27701:2019 certification demonstrates Crypto.com’s commitment to meeting these regulatory requirements through its “Defense in Depth” strategy, which now encompasses both the security and privacy domains.
Kris Marszalek, Co-Founder and CEO of Crypto.com said, “ISO/IEC 27701:2019 speaks volumes to our commitment to security and privacy which has been at the core of our business since we started. As we eclipse 2 million users and expand our MCO Visa card into dozens of new countries and markets around the world, we will continue investing aggressively in our users, technology, and processes to maintain the highest standard of security and privacy in the industry.”