The Merkle Shield: Pioneering Security with ISO 27001, SOC 2 type II, and GDPR Certification

Merkle Science
October 18, 2024

As a leading blockchain analytics provider enabling law enforcement and crypto businesses to tackle financial crimes, earning industry grade credentials underscores our commitment to setting the highest standards for protecting sensitive information. Adding to the existing fort of our robust security - ISO 27001, SOC 2 type II- Merkle Science is now GDPR compliant as well. The company received its GDPR compliant certification in December 2023 after an independent audit.

Validating Our Controls and Safeguards

Our rigorous certification process scrutinized every aspect of information security, from asset management to access controls and data encryption. This ensures complete confidence that Merkle Science upholds essential safeguards when analyzing blockchain data.

Specifically, here’s how these certifications reinforce trust in our platform:

GDPR

The addition of GDPR certification in December 2023, demonstrates our full compliance with strict EU regulations on transparently and safeguarding personal privacy rights. The scope of the registration includes, “Design, Development, Maintenance, Technical Support, Sales, and Marketing of Merkle Science.”

Our certification confirms Merkle Science upholds essential GDPR requirements related to:

  • Ensuring that the clients’ management system documentation meets the requirements of the standard/specification.
  • To confirm that the client organization adheres to its own policies, objectives, and procedures and all the requirements of the GDPR standard and other normative documents.
  • To verify the implementation of the General Data Protection Regulation (GDPR) as per the Standard Requirement, verification of records for the conformity of said implementation.

To better understand these requirements, here is a simplified version of the audit:

  • Documentation Compliance:
  • Certification ensures that Merkle Science has organized and documented its management system in line with the GDPR requirements. This includes all the necessary policies and procedures that are needed to meet the standards.
  • Adherence to Policies and Objectives:
  • The certification verifies that Merkle Science follows its own set of rules, goals, and procedures. This includes making sure that the company aligns with the policies, objectives, and requirements laid out in the GDPR standard and other relevant documents.
  • Implementation of GDPR:
  • The certification confirms that Merkle Science has effectively put into practice the General Data Protection Regulation (GDPR) based on the standard requirements. This involves checking records to ensure that the implementation is in conformity with the specified GDPR guidelines.

This achievement highlights our intense focus on engraining data privacy protections into every aspect of our blockchain analytics platform. Our global customers can feel fully confident we take Europe’s world-leading privacy regulation seriously.

ISO 27001

In August 2021, Merkle Science achieved the industry grade certification for, “design, development, and release of ‘Blockchain Monitor’ and ‘Blockchain Investigator’ products, as well as support functions such as HR, IT, and information security. It validates our comprehensive controls framework for managing risks to data and information security based on stringent international criteria. Our Information Security Management System Meets Global Standard ISO 27001. An independent audit verified Merkle Science's full conformance with ISO 27001, widely recognized as the premier international standard for information security management systems (ISMS).

Some key areas confirmed to meet best practices:

  • Comprehensive policies and procedures governing areas like access controls, encryption, vulnerability management, and incident response
  • Ongoing security awareness training for all employees
  • Regular internal audits and testing to continually enhance protections
  • Achieving ISO 27001 certification demonstrates our full commitment to implementing the robust controls and framework needed to secure sensitive information and analytics data for customers.

SOC 2 Reinforces Our Security Posture

In addition to ISO 27001, GDPR, and independent audits, Merkle Science upholds the vital SOC 2 Type 2 certification for service organizations since March 2023.

After rigorous evaluation by independent auditors, we earned SOC 2 accreditation for meeting strict criteria around:

  • Security: Safeguards for system/data access, encryption, vulnerability management, and incident response
  • Availability: Ensuring ongoing system functionality and uptime
  • Confidentiality: Protecting sensitive customer data
  • Privacy: Adhering to privacy policies and procedures
  • Processing Integrity: Maintaining accuracy of analytics processing and reporting

Attaining this significant credential demonstrates Merkle Science's unwavering dedication to instituting and following best-practice controls for security, availability, confidentiality, privacy, and processing integrity.

Our SOC 2 compliance further instills customer confidence in our governance to provide reliable, accurate blockchain analysis securely. Continuous enhancements to our controls framework will ensure we maintain SOC 2 conformance for years ahead.

Building Trust and Confidence

For customers in law enforcement, financial institutions, and cryptocurrency exchanges, partnering with a certified provider is key to ensuring diligence and meeting compliance obligations when leveraging blockchain analysis. Our certifications provide that external validation while giving users greater confidence in our systems.

And we’re not stopping there. Merkle Science will continually enhance protections as technology and threats evolve to provide the trusted insights and transparency our clients expect. With ISO 27001, SOC 2 type II, and GDPR certifications now in place, we’re proud to set the new industry standard for blockchain analytics and data security. 

To learn more about Merkle Science’s platform capabilities for managing crypto risk and maintaining compliance amid growing regulation, schedule a demo today. Our team of subject-matter experts is here to help at every step along the journey.