In 2023, incidents of data breaches, exposures, and leakages impacted over 350 million individuals, underscoring a critical need for robust data security measures. With this kind of risk environment, customers and users want proof that they can trust you and your service providers to keep their data secure. Enter SOC 2 Type 2, an indispensable framework for enterprises committed to the highest data security standards. But what exactly is SOC 2 Type 2? And why is it important? In today’s guide, we’ll explore the intricacies of SOC 2 Type 2 and cover the best SOC 2 options in Web3!
Are you eager to elevate your Web3 projects with top-tier security? Then you should know that Moralis stands out as the first and only SOC 2 Type 2 certified Web3 infrastructure provider. So, if you want to start building with the industry’s most trusted Web3 APIs, contact us today or learn more about our commitment to data security!
What is SOC 2 Type 2?
SOC 2 Type 2 – short for ”Service Organization Control 2 Type 2” – is a security framework offering guidelines on how organizations should protect sensitive data from security incidents, unauthorized access, and other vulnerabilities. In short, it’s the gold standard for data security and the operational effectiveness of an organization’s security controls over time!
The SOC 2 Type 2 framework focuses on five Trust Services Criteria (TSC) developed by the American Institute of Certified Public Accountants (AICPA). Here’s what it entails:
- Security: The system is safeguarded from unauthorized access.
- Availability: Data is available for clients and employees, ensuring they can continue their daily operations.
- Processing Integrity: System processing is complete, accurate, valid, timely, and authorized.
- Confidentiality: Sensitive information is protected from unauthorized access.
- Privacy: Confidential personal information is safeguarded from unauthorized users.
During a SOC 2 Type 2 audit, an independent party evaluates a company’s security measures related to the TSC above over an extended period. Each criterion has specific requirements, and the company implements internal controls to meet those standards.
Compliance with SOC 2 Type 2 demonstrates a company’s commitment to maintaining a high level of information security and is a critical factor in establishing trust with partners, customers, and users. And this is often a non-negotiable requirement for enterprises that rely on software providers.
SOC 2 Type 1 vs. SOC 2 Type 2
While SOC 2 Type 2 is the gold standard for data security, it’s not the only framework. Another prominent example is SOC 2 Type 1. But what’s the difference between the two? Let’s find out in the following chart:
| SOC 2 Type 1 vs. SOC 2 Type 2 | ||
| SOC 2 Type 1 | SOC 2 Type 2 | |
| What is it? | An audit that evaluates the design of cybersecurity controls at a certain point in time. | An in-depth audit evaluating the effectiveness of cybersecurity controls over an extended period (3-12 months) to ensure they function as they should. |
| Purpose | Make sure controls are well-designed to safeguard customer data in accordance with the TSC. | Assess the operating effectiveness of security controls to ensure continuous functionality and protection. |
| Audit Time | It can be completed in weeks, enabling a quick compliance solution. | It takes 12 months to finalize, resulting in an in-depth review of control effectiveness over a longer time period. |
| Ideal For | Organizations that need immediate compliance verifications due to pressing deals. | Organizations looking for a comprehensive demonstration of their long-term commitment to data security. Essential for enterprise deals demanding higher assurances. |
| Why Choose? | Short-term solution for when formal systems are not yet in place – a step towards SOC 2 Type 2. | Provides the highest level of assurance for customers and users. The gold standard for data security and operational effectiveness of controls over time. Important for enterprises. |
Why Should You Care About SOC 2 Type 2 in Web3?
So, why should you care about SOC 2 Type 2 in Web3? To answer this question, let’s explore the benefits of working with SOC 2 Type 2 compliant service providers when building Web3 projects!
- Enhanced Security: To earn a SOC 2 Type 2 certification, the service provider must establish and follow strict security policies and procedures. This includes putting measures in place to protect data against unauthorized users, breaches, and other security incidents. So, when working with a SOC 2 Type 2 certified provider, you can be assured that both your data and your customers’ data are safeguarded.
- Reliability and Availability: The SOC 2 Type 2 framework evaluates a Web3 service provider’s operational effectiveness over time. This means that the provider not only has robust security measures in place but also a system that demonstrates consistent performance. For you and your business, this is an assurance that you can continue your operations at all times.
- Competitive Advantage: By leveraging a Web3 service provider with SOC 2 Type 2 certification, you can demonstrate your commitment to high standards of reliability and security. This can be a significant competitive advantage, especially in industries where trust and security are paramount.
With an overview of SOC 2 Type 2 and why it’s important, let’s now explore the best SOC 2 infra provider in Web3!
What are the Best SOC 2 Options in Web3?
Among the most prominent Web3 infrastructure providers, Moralis stands out as the first and only fully SOC 2 Type 2 compliant option. So, if you’re looking for a safe and secure crypto data provider for your Web3 projects, then Moralis is the way to go!
But what exactly does this mean for Moralis?
Getting the SOC 2 Type 2 certification marks a significant accomplishment that highlights Moralis’ dedication to safeguarding our clients’ information and data. And the certificate isn’t only a badge of honor but also a testament to our company’s commitment to the highest standard in cybersecurity.
As the chart above illustrates, two of our major competitors, Alchemy and QuickNode, don’t hold SOC 2 Type 2 certificates. QuickNode is SOC 2 Type 1 compliant and received the certification back in 2022. Alchemy is neither SOC 2 Type 1 nor SOC 2 Type 2 certified.
So, if you’re looking for the best SOC 2 certified infra provider in Web3, Moralis is the go-to choice!
How Did Moralis Become the First SOC 2 Type 2 Certified Web3 Infra Provider?
Earning our SOC 2 Type 2 certificate means that Moralis has undergone a thorough evaluation of data security practices. Passing this process ensures that our security controls are designed appropriately and have been operating efficiently over an extended time period to keep our client’s data safe and confidential. Essentially, the SOC 2 Type 2 certificate ensures that Moralis meets the gold standard in terms of data security.
So, if you wish to build dapps safer and more securely, make sure to sign up with Moralis today!
Build with a SOC 2 Type 2 Compliant Web3 Infra Provider – Exploring Moralis’ Web3 APIs
Now that you know more about Moralis’ dedication to data security, you might be interested in building projects with our Web3 APIs. And, to give you an overview of Moralis, let’s dive a bit deeper into our industry-leading solutions and services!
Moralis is a leading crypto data provider that helps companies drive engagement, boost growth, and build compelling user experiences. Our top-tier Web3 APIs power industry-leading Web3 projects, including MetaMask, Delta, etc., for millions of end users worldwide.
In our comprehensive suite of development tools, you’ll find more than ten use case-specific APIs that make Web3 development a breeze. Some prominent examples include the Wallet API, Token API, NFT API, and many more. With these top-tier Web3 APIs, you can seamlessly build everything from cryptocurrency wallets to decentralized exchanges (DEXs) without breaking a sweat.
Let’s explore some of the main benefits of using Moralis’ Web3 APIs:
- Comprehensive: All our API responses are enriched with metadata, market data, transaction decodings, labels, and much more. As a result, we’re able to offer Web3’s most comprehensive APIs, designed to minimize the number of calls needed to build dapps.
- Simple: With our use case-specific APIs, Web3 development becomes more accessible than ever. This gives you more time to focus on building compelling user experiences and bringing more value to your customers.
- Trusted: Moralis is trusted by industry-leading enterprise customers, including MetaMask, Delta, Blockchain.com, and many others.
To highlight the benefits of Moralis further, let’s explore some examples of prominent interfaces you’ll find in our Web3 API suite!
Leading Web3 APIs?
Wallet API
Moralis’ Wallet API supports over 500 million addresses across the biggest chains, including Ethereum, Polygon, BNB Smart Chain (BSC), and many others. And when using this interface, you can seamlessly integrate wallet functionality into any of your dapps!
With the Wallet API, you can effortlessly fetch a wallet’s token balances, net worth, transaction history, and much more with single endpoints. In turn, this tool allows you to seamlessly build everything from portfolio trackers to wallets.
To showcase the accessibility of the Wallet API, check out our endpoint for fetching the net worth of a wallet down below:
import fetch from 'node-fetch';
const options = {
method: 'GET',
headers: {
accept: 'application/json',
'X-API-Key': 'YOUR_API_KEY'
},
};
fetch('https://deep-index.moralis.io/api/v2.2/wallets/0xd8da6bf26964af9d7eed9e03e53415d37aa96045/net-worth?chains%5B0%5D=eth&chains%5B1%5D=polygon&exclude_spam=true&exclude_unverified_contracts=true', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));All you have to do is replace YOUR_API_KEY, configure the parameters, and run the code. In return, you’ll get a comprehensive response showcasing the total net worth of the address and individual values for each chain:
{
"total_networth_usd": "4286806.08",
"chains": [
{
"chain": "eth",
"native_balance": "1085515469813080189177",
"native_balance_formatted": "1085.515469813080189177",
"native_balance_usd": "3550067.16",
"token_balance_usd": "735008.04",
"networth_usd": "4285075.20"
},
{
"chain": "polygon",
"native_balance": "426857449018746625825",
"native_balance_formatted": "426.857449018746625825",
"native_balance_usd": "445.31",
"token_balance_usd": "1285.57",
"networth_usd": "1730.88"
}
]
}Token API
With the Token API, you get seamless access to all the ERC-20 data you need to build sophisticated dapps. This interface supports every single token across the biggest chains, including meme coins like Shiba Inu, stablecoins like USDC, and everything in between.
With the Token API, you can get token balances, metadata, prices, and more with just single lines of code. As such, when working with Moralis, you can now easily build everything from token explorers to portfolio trackers without any trouble.
To highlight the comprehensiveness of the Token API, check out the endpoint above, giving you everything you need to build a portfolio view of a wallet with one single call:
import fetch from 'node-fetch';
const options = {
method: 'GET',
headers: {
accept: 'application/json',
'X-API-Key': 'YOUR_API_KEY'
},
};
fetch('https://deep-index.moralis.io/api/v2.2/wallets/0xcB1C1FdE09f811B294172696404e88E658659905/tokens?chain=eth', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));Simply replace YOUR_API_KEY with your Moralis API key, configure the parameters, and execute the script. In return, you’ll get a response containing all the balances of the wallet, along with metadata, prices, and much more:
{
//...
"result": [
{
"token_address": "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
"symbol": "USDC",
"name": "USD Coin",
"logo": "https://cdn.moralis.io/eth/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48.png",
"thumbnail": "https://cdn.moralis.io/eth/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48_thumb.png",
"decimals": 6,
"balance": "4553447",
"possible_spam": false,
"verified_contract": true,
"balance_formatted": "4.553447",
"usd_price": 1.001818879776249,
"usd_price_24hr_percent_change": 0.1818879776249283,
"usd_price_24hr_usd_change": 0.0018221880998897314,
"usd_value": 4.561729172660522,
"usd_value_24hr_usd_change": 0.008297236936878599,
"native_token": false,
"portfolio_percentage": 100
},
//...
]
}NFT API
The NFT API supports over three million NFT collections across all the major chains. This includes everything from established projects like Pudgy Penguins to tokens that dropped just seconds ago. So, if you’re building NFT-based projects, make sure to leverage the Moralis NFT API for all your data needs!
With the NFT API, you can fetch NFT balances, metadata, prices, and more with single API calls. As such, this is the perfect tool for anyone building NFT marketplaces, Web3 games, or portfolio trackers.
To show you how easy it is to use the NFT API, please check out the example below, where we use an endpoint to fetch the NFT balance of a wallet:
import Moralis from 'moralis';
try {
await Moralis.start({
apiKey: "YOUR_API_KEY"
});
const response = await Moralis.EvmApi.nft.getWalletNFTs({
"chain": "0x1",
"address": "0xff3879b8a363aed92a6eaba8f61f1a96a9ec3c1e"
});
console.log(response.raw);
} catch (e) {
console.error(e);
}Replace YOUR_API_KEY with your Moralis API key, configure the parameters, and run the code. In return, you’ll get a response containing an array of all NFTs held by the wallet in question:
{
//...
"result": [
{
"amount": "1",
"token_id": "5021",
"token_address": "0xfff54e6fe44fd47c8814c4b1d62c924c54364ad3",
"contract_type": "ERC721",
"owner_of": "0xff3879b8a363aed92a6eaba8f61f1a96a9ec3c1e",
"last_metadata_sync": "2024-03-15T09:39:00.991Z",
"last_token_uri_sync": "2024-03-15T09:38:50.990Z",
"metadata": null,
"block_number": "14647390",
"block_number_minted": "14647390",
"name": "Youtopia",
"symbol": "Youtopia",
"token_hash": "d4719eaf84eabcf443065b0a463f5886",
"token_uri": "http://api.youtopia-official.xyz/ipfs/5021",
"minter_address": "0x13f11fd2c7c7be94674651386370d02b7aac9653",
"verified_collection": false,
"possible_spam": true,
"collection_logo": "https://i.seadn.io/gae/e3uNxyaqT0FfnhcF9SuMqCZd3pdF36wgcnpRJ0VDjLOP71g_LwrFRgLweNNCMvsMqR5ZZ4dh5Wble12PBzvncmpLbtmdVdjr5zMy8w?w=500&auto=format",
"collection_banner_image": "https://i.seadn.io/gae/n9j18OhplkvqP5SOtuYDwpUVkJSwF6WkIV6vZMWjcm0D5qCpbd12cAaVlfZS8-3gjxjYsnjL_tIlVIsjXz28KejPB3D19Jc_MZ9Z?w=500&auto=format"
},
//...
]
}Please check out the official Moralis documentation to learn more about our APIs and explore other endpoints!
Summary: What is SOC 2 Type 2? – Exploring the Best SOC 2 Options in Web3
In 2023, over 350 million people were affected by data breaches, leaks, and other exposures. This risk environment highlights the need for solid data security measures. And this is precisely where SOC 2 Type 2 enters the equation!
But what is SOC 2 Type 2?
SOC 2 Type 2 is a security framework evaluating the effectiveness of security controls put in place to protect sensitive information from security incidents, unauthorized access, and other vulnerabilities. In essence, it’s the gold standard for cybersecurity.
In the Web3 space, the first and only infra provider with a SOC 2 Type 2 certification is Moralis. Earning this certification was a significant accomplishment for us, highlighting Moralis’ dedication to safeguarding client data. We became SOC 2 Type 2 certified after a rigorous audit where a third party evaluated our security controls over an extended time period to ensure that they worked as they should.
If you enjoyed this Web3 SOC 2 guide, consider reading additional content here on the blog. For instance, check out our guide comparing the industry’s leading Web3 API providers or dive into blockchain data analytics!
Also, did you know you can sign up with Moralis for free? So, if you haven’t already, register an account today and start building with the industry’s safest Web3 APIs straight away!
