Deribit has achieved the ISO 27001 security certification. ISO 27001 is a globally recognized information security standard that dictates how companies should manage their information security. In addition, Deribit also announced that it has appointed Anthony Sweeney as its Chief Information Security Officer (CISO) based in Dubai.
The annual Recertification for ISO 27001 was completed in July 2024
Deribit has secured SOC 2 Type II certification, marking a key milestone in our ongoing commitment to the highest standards of data security and privacy. SOC 2 (Service Organization Control 2), developed by the American Institute of Certified Public Accountants (AICPA), is a globally respected standard that evaluates the effectiveness of an organization’s controls related to security, availability, and confidentiality of customer data.
Unlike Type I, which assesses controls at a specific point in time, SOC 2 Type II verifies the operational effectiveness of these controls over an extended period. This certification demonstrates Deribit’s sustained dedication to protecting client information and maintaining a robust, continuously monitored security infrastructure.
Deribit has also received SOC 2 Type I certification in February 2024 - Details
Deribit has once again successfully completed the annual penetration test performed by cybersecurity firm Secura. The report from Secura confirms that Deribit's security measures are effective and up to date, ensuring the protection of our users' data and assets. The results of this test indicate that the Deribit platform has followed through on its commitment to providing a secure and transparent trading environment for users. In the penetration test, Secura found no critical or high or medium-risk flaws in Deribit’s security infrastructure. The minor issues found by Secura have been addressed to meet Secura’s and our standards. Should clients require a copy of the report for due diligence purposes we can provide one, please send a request to our support.
In July 2024 Deribit successfully completed a Mobile App penetration test for iOS and Android which resulted in no significant findings.
Deribit has been awarded the CryptoCurrency Security Standard (CCSS) Level III certification, the highest level of accreditation within the CCSS framework. This prestigious certification is a significant milestone that highlights Deribit’s continued leadership in crypto security. Unlike broader frameworks such as ISO 27001 and SOC 2, CCSS focuses specifically on the unique challenges of cryptocurrency key management, wallet operations, and infrastructure controls. Achieving Level III means that Deribit’s entire system, from custody to exchange operations, has been independently audited and validated to meet highest industry standards.