On January 30, Nexo, a digital asset institution, received validation of its security and privacy protocols by obtaining ISO 27017 and ISO 27018 certifications, according to information shared with Finbold.
This builds on the established foundation of ISO 27001 standards within the organization. The certification, awarded by RINA, a multinational inspection, certification and technical consultancy firm known for its standards, reflects Nexo’s commitment to protecting customer data, strengthening cloud security and enforcing privacy standards in today’s digital landscape.
The importance of implementing robust security measures has become increasingly apparent. In 2023, despite a 50% reduction in losses from security incidents within the cryptocurrency sector, the total still reached $1.7 billion. This figure underlines the importance of Nexo’s compliance with security standards.
The joint impact of ISO 27001, ISO 27017 and ISO 27018
Nexo is known for its Information Security Management Systems (ISMS), has been ISO 27001 compliant since 2019, and has now expanded its credentials to include ISO 27017 and ISO 27018.
Nexo’s commitment to security is reflected in its ISO 27001 certification, which emphasizes a security-oriented approach. ISO 27017 extends these principles to the cloud, in line with the common use of cloud services across the crypto ecosystem. ISO 27018 reinforces Nexo’s commitment to privacy, emphasizing explicit consent, data minimization, and rigorous third-party controls for personally identifiable information in the cloud.
Nexo’s chief security officer Milan Velev said:
“Nexo’s integration of ISO standards for information security and privacy represents a major step forward in our journey to set new benchmarks in digital finance. We not only meet international standards; we lead by example and prioritize the security and privacy of our customers in every aspect of our operations.”
Kalin Panev, RINA country manager, added:
“We are pleased to certify Nexo to the ISO 27017 and ISO 27018 standards. This partnership underlines RINA’s commitment to advancing advanced security measures and data protection in the innovative financial technology sector.”
Nexo’s ISO 27017 and ISO 27018 certifications reinforce the company’s ongoing commitment to maintaining the highest standards in security and privacy. This commitment is further supported by its SOC 2 Type 2 audit and its CSA Security, Trust & Assurance Registry (STAR) Level 1 certification.
Rather than viewing these achievements as final destinations, Nexo views them as critical steps in an ongoing journey toward setting benchmarks in security and transparency within the digital asset space.