Casa Blog - Bitcoin Security Made Easy
Security

Announcing SOC 2 Type II Compliance

by Jameson Lopp 2 min read

At Casa, the safety of our clients is top priority. That's why we're pleased to announce that we've successfully passed a SOC 2 Type II audit - this is a significant milestone that reflects our unwavering commitment to the security, integrity, and availability of our self custody service.

This attestation isn't just about checking off some boxes - it's about demonstrating that we've built our infrastructure from the ground up to protect our clients' data and assets with the highest standards in the industry.

What is SOC 2 Type II?

System and Organization Controls 2 (SOC 2) is a widely respected auditing framework developed by the American Institute of Certified Public Accountants (AICPA). It sets standards for how service providers should manage customer data, with specific focus on five trust principles: security, availability, processing integrity, confidentiality, and privacy.

A SOC 2 Type II report is compiled by an independent third party auditor (in our case, Prescient Assurance) that evaluates whether the design of our systems and controls meets those standards over a period of time. Our latest attestation covers an audit period spanning from April 1, 2025 to November 15, 2025. In the context of Casa's systems, this means:

  • Controls are in place to prevent unauthorized access to sensitive infrastructure.
  • Operational policies and procedures are documented, tested, and enforced.
  • Safeguards are in place to protect both customer data and wallets from threats.

Why This Matters to Our Clients

Although Casa is architected with trust minimization in mind, users of our platform benefit from additional transparency and assurance. Our SOC 2 Type II attestation is more than a badge, it's an independent verification that:

  • Your account data is stored securely using institutional-grade, audited controls.
  • Our platform was built with risk management in mind, including rigorous protections against both cyber and physical threats.
  • We are serious about operational integrity, business continuity, and access control across our entire organization.
  • In an industry where blind trust is dangerous, we believe in proving our trustworthiness with processes that are measurable, repeatable, and verified by professional auditors.

What's Next: SOC 1 and Beyond

SOC 2 is just the beginning. Our next endeavor is SOC 1 which primarily pertains to financial reporting controls. After that we will likely expand to ISO 27001, which is an international standard in comparison to SOC 2 which is a framework used primarily in the United States.

As expectations evolve in the custody space, so will we. Because safety isn't just a feature, it's our fundamental responsibility.

If you have any questions about our monitored controls, subprocessors, or audit status, please visit our Compliance Center for further details.

Read more posts by this author

Jameson Lopp

Jameson Lopp is co-founder and Chief Security Officer of Casa. He is passionate about creating tools to empower individuals; he has been building bitcoin wallets since 2015.

The link has been copied!