March 18, 2024

SOC 2 in Web3 – The First SOC 2 Type 2 Certified Web3 Infra Provider 

In 2023, incidents of data breaches, exposures, and leakages impacted over 350 million individuals, underscoring a critical need for robust data security measures. With this kind of risk environment, customers and users want proof that they can trust you and your service providers to keep their data secure. Enter SOC 2 Type 2, an indispensable framework for enterprises committed to the highest data security standards. But what exactly is SOC 2 Type 2? And why is it important? In today’s guide, we’ll explore the intricacies of SOC 2 Type 2 and cover the best SOC 2 options in Web3!

Are you eager to elevate your Web3 projects with top-tier security? Then you should know that Moralis stands out as the first and only SOC 2 Type 2 certified Web3 infrastructure provider. So, if you want to start building with the industry’s most trusted Web3 APIs, contact us today or learn more about our commitment to data security.

What is SOC 2 Type 2? 

SOC 2 Type 2 – short for “Service Organization Control 2 Type 2” – is a security framework offering guidelines on how organizations should protect sensitive data from security incidents, unauthorized access, and other vulnerabilities. In short, it’s the gold standard for data security and the operational effectiveness of an organization’s security controls over time!

The SOC 2 Type 2 framework focuses on five Trust Services Criteria (TSC) developed by the American Institute of Certified Public Accountants (AICPA). Here’s what it entails: 

  • Security: The system is safeguarded from unauthorized access. 
  • Availability: Data is available for clients and employees, ensuring they can continue their daily operations.  
  • Processing Integrity: System processing is complete, accurate, valid, timely, and authorized.
  • Confidentiality: Sensitive information is protected from unauthorized access.  
  • Privacy: Confidential personal information is safeguarded from unauthorized users. 

During a SOC 2 Type 2 audit, an independent party evaluates a company’s security measures related to the TSC above over an extended period. Each criterion has specific requirements, and the company implements internal controls to meet those standards.

Compliance with SOC 2 Type 2 demonstrates a company’s commitment to maintaining a high level of information security and is a critical factor in establishing trust with partners, customers, and users. And this is often a non-negotiable requirement for enterprises that rely on software providers.

SOC 2 Type 1 vs. SOC 2 Type 2 

While SOC 2 Type 2 is the gold standard for data security, it’s not the only framework. Another prominent example is SOC 2 Type 1. But what’s the difference between the two? Let’s find out in the following chart:

SOC 2 Type 1 vs. SOC 2 Type 2

| | SOC 2 Type 1 | SOC 2 Type 2 |
| --- | --- | --- |
| What is it? | An audit that evaluates the design of cybersecurity controls at a certain point in time. | An in-depth audit evaluating the effectiveness of cybersecurity controls over an extended period (3-12 months) to ensure they function as they should. |
| Purpose | Make sure controls are well-designed to safeguard customer data in accordance with the TSC. | Assess the operating effectiveness of security controls to ensure continuous functionality and protection. |
| Audit Time | It can be completed in weeks, enabling a quick compliance solution. | It takes 12 months to finalize, resulting in an in-depth review of control effectiveness over a longer time period. |
| Ideal For | Organizations that need immediate compliance verifications due to pressing deals. | Organizations looking for a comprehensive demonstration of their long-term commitment to data security. Essential for enterprise deals demanding higher assurances. |
| Why Choose? | Short-term solution for when formal systems are not yet in place – a step towards SOC 2 Type 2. | Provides the highest level of assurance for customers and users. The gold standard for data security and operational effectiveness of controls over time. Important for enterprises. |

Why Should You Care About SOC 2 Type 2 in Web3? 

So, why should you care about SOC 2 Type 2 in Web3? To answer this question, let’s explore the benefits of working with SOC 2 Type 2 compliant service providers when building Web3 projects! 

  • Enhanced Security: To earn a SOC 2 Type 2 certification, the service provider must establish and follow strict security policies and procedures. This includes putting measures in place to protect data against unauthorized users, breaches, and other security incidents. So, when working with a SOC 2 Type 2 certified provider, you can be assured that both your data and your customers’ data are safeguarded.
  • Reliability and Availability: The SOC 2 Type 2 framework evaluates a Web3 service provider’s operational effectiveness over time. This means that the provider not only has robust security measures in place but also a system that demonstrates consistent performance. For you and your business, this is an assurance that you can continue your operations at all times.
  • Competitive Advantage: By leveraging a Web3 service provider with SOC 2 Type 2 certification, you can demonstrate your commitment to high standards of reliability and security. This can be a significant competitive advantage, especially in industries where trust and security are paramount.

With an overview of SOC 2 Type 2 and why it’s important, let’s now explore the best SOC 2 infra provider in Web3! 

What are the Best SOC 2 Options in Web3? 

Among the most prominent Web3 infrastructure providers, Moralis stands out as the first and only fully SOC 2 Type 2 compliant option. So, if you’re looking for a safe and secure crypto data provider for your Web3 projects, then Moralis is the way to go! 

But what exactly does this mean for Moralis? 

Getting the SOC 2 Type 2 certification marks a significant accomplishment that highlights Moralis’ dedication to safeguarding our clients’ information and data. And the certificate isn’t only a badge of honor but also a testament to our company’s commitment to the highest standard in cybersecurity. 

SOC 2 Type 2 Web3 Infrastructure Data Providers Comparison Chart - Comparing Moralis, Alchemy, and QuickNode

As the chart above illustrates, two of our major competitors, Alchemy and QuickNode, don’t hold SOC 2 Type 2 certificates. QuickNode is SOC 2 Type 1 compliant and received the certification back in 2022. Alchemy is neither SOC 2 Type 1 nor SOC 2 Type 2 certified.

So, if you’re looking for the best SOC 2 certified infra provider in Web3, Moralis is the go-to choice! 

How Did Moralis Become the First SOC 2 Type 2 Certified Web3 Infra Provider?

Earning our SOC 2 Type 2 certificate means that Moralis has undergone a thorough evaluation of data security practices. Passing this process ensures that our security controls are designed appropriately and have been operating efficiently over an extended time period to keep our clients’ data safe and confidential. Essentially, the SOC 2 Type 2 certificate ensures that Moralis meets the gold standard in terms of data security.

So, if you wish to build dapps safer and more securely, make sure to sign up with Moralis today!

Build with a SOC 2 Type 2 Compliant Web3 Infra Provider – Exploring Moralis’ Web3 APIs 

Now that you know more about Moralis’ dedication to data security, you might be interested in building projects with our Web3 APIs. And, to give you an overview of Moralis, let’s dive a bit deeper into our industry-leading solutions and services! 

Moralis is a leading crypto data provider that helps companies drive engagement, boost growth, and build compelling user experiences. Our top-tier Web3 APIs power industry-leading Web3 projects, including MetaMask, Delta, etc., for millions of end users worldwide.

In our comprehensive suite of development tools, you’ll find more than ten use case-specific APIs that make Web3 development a breeze. Some prominent examples include the Wallet API, Token API, NFT API, and many more. With these top-tier Web3 APIs, you can seamlessly build everything from cryptocurrency wallets to decentralized exchanges (DEXs) without breaking a sweat. 

Let’s explore some of the main benefits of using Moralis’ Web3 APIs: 

  • Comprehensive: All our API responses are enriched with metadata, market data, transaction decodings, labels, and much more. As a result, we’re able to offer Web3’s most comprehensive APIs, designed to minimize the number of calls needed to build dapps. 
  • Simple: With our use case-specific APIs, Web3 development becomes more accessible than ever. This gives you more time to focus on building compelling user experiences and bringing more value to your customers. 
  • Trusted: Moralis is trusted by industry-leading enterprise customers, including MetaMask, Delta, Blockchain.com, and many others. 

To highlight the benefits of Moralis further, let’s explore some examples of prominent interfaces you’ll find in our Web3 API suite!

Wallet API 

Moralis’ Wallet API supports over 500 million addresses across the biggest chains, including Ethereum, Polygon, BNB Smart Chain (BSC), and many others. And when using this interface, you can seamlessly integrate wallet functionality into any of your dapps! 

With the Wallet API, you can effortlessly fetch a wallet’s token balances, net worth, transaction history, and much more with single endpoints. In turn, this tool allows you to seamlessly build everything from portfolio trackers to wallets. 

To showcase the accessibility of the Wallet API, check out our endpoint for fetching the net worth of a wallet down below: 

import fetch from 'node-fetch';

const options = {
  method: 'GET',
  headers: {
    accept: 'application/json',
    'X-API-Key': 'YOUR_API_KEY'
  },
};

fetch('https://deep-index.moralis.io/api/v2.2/wallets/0xd8da6bf26964af9d7eed9e03e53415d37aa96045/net-worth?chains%5B0%5D=eth&chains%5B1%5D=polygon&exclude_spam=true&exclude_unverified_contracts=true', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

All you have to do is replace YOUR_API_KEY, configure the parameters, and run the code. In return, you’ll get a comprehensive response showcasing the total net worth of the address and individual values for each chain: 

{
  "total_networth_usd": "4286806.08",
  "chains": [
    {
      "chain": "eth",
      "native_balance": "1085515469813080189177",
      "native_balance_formatted": "1085.515469813080189177",
      "native_balance_usd": "3550067.16",
      "token_balance_usd": "735008.04",
      "networth_usd": "4285075.20"
    },
    {
      "chain": "polygon",
      "native_balance": "426857449018746625825",
      "native_balance_formatted": "426.857449018746625825",
      "native_balance_usd": "445.31",
      "token_balance_usd": "1285.57",
      "networth_usd": "1730.88"
    }
  ]
}
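
The same net-worth call, written the way it would run server-side: the key comes from the environment instead of the source file, the inputs and HTTP status are checked, and the totals in the response are verified before use. This is an added example, not part of the original article and not Moralis' own code; it assumes Node 18+ (built-in fetch), a hypothetical MORALIS_API_KEY environment variable, and that the totals add up exactly as they do in the sample response above.

```javascript
// Added example, not Moralis code. Assumes Node 18+ and a hypothetical MORALIS_API_KEY variable.
const BASE = 'https://deep-index.moralis.io/api/v2.2';

// Build the request; reject bad input and a missing or placeholder key.
function buildNetWorthRequest(address, chains, apiKey) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(address)) throw new Error('invalid EVM address');
  if (!chains.length || !chains.every((c) => /^[a-z0-9]+$/.test(c))) throw new Error('invalid chain list');
  if (!apiKey || apiKey === 'YOUR_API_KEY') throw new Error('API key not configured');
  const params = new URLSearchParams();
  chains.forEach((c, i) => params.append(`chains[${i}]`, c));
  params.append('exclude_spam', 'true');
  params.append('exclude_unverified_contracts', 'true');
  return {
    url: `${BASE}/wallets/${address.toLowerCase()}/net-worth?${params}`,
    options: { method: 'GET', headers: { accept: 'application/json', 'X-API-Key': apiKey } },
  };
}

// Parse a decimal USD string such as "1730.88" into exact integer cents.
function usdToCents(value) {
  const m = /^(\d+)(?:\.(\d{1,2}))?$/.exec(String(value));
  if (!m) throw new Error(`unexpected USD amount: ${value}`);
  return BigInt(m[1]) * 100n + BigInt((m[2] || '').padEnd(2, '0'));
}

// Check that per-chain and overall totals agree before trusting the numbers.
// Pass a tolerance in cents if the provider rounds each figure independently.
function checkNetWorth(body, toleranceCents = 0n) {
  if (!body || !Array.isArray(body.chains)) throw new Error('malformed response');
  const off = (a, b) => (a > b ? a - b : b - a) > toleranceCents;
  let sum = 0n;
  for (const c of body.chains) {
    const net = usdToCents(c.networth_usd);
    const parts = usdToCents(c.native_balance_usd) + usdToCents(c.token_balance_usd);
    if (off(parts, net)) throw new Error(`inconsistent totals for chain ${c.chain}`);
    sum += net;
  }
  if (off(sum, usdToCents(body.total_networth_usd))) throw new Error('total does not match chains');
  return sum; // overall net worth in cents, as a BigInt
}

// Server-side call: key from the environment, 10 s timeout, status checked.
async function getNetWorth(address, chains) {
  const { url, options } = buildNetWorthRequest(address, chains, process.env.MORALIS_API_KEY);
  const res = await fetch(url, { ...options, signal: AbortSignal.timeout(10_000) });
  if (!res.ok) throw new Error(`Moralis request failed: HTTP ${res.status}`);
  return checkNetWorth(await res.json());
}
// Sample response from the article above, trimmed to the fields that are checked.
const SAMPLE = { total_networth_usd: '4286806.08', chains: [
  { chain: 'eth', native_balance_usd: '3550067.16', token_balance_usd: '735008.04', networth_usd: '4285075.20' },
  { chain: 'polygon', native_balance_usd: '445.31', token_balance_usd: '1285.57', networth_usd: '1730.88' },
] };
```

Keep this call on a backend: a key placed in browser or mobile code is readable by every user of the dapp.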

Token API 

With the Token API, you get seamless access to all the ERC-20 data you need to build sophisticated dapps. This interface supports every single token across the biggest chains, including meme coins like Shiba Inu, stablecoins like USDC, and everything in between. 

With the Token API, you can get token balances, metadata, prices, and more with just single lines of code. As such, when working with Moralis, you can now easily build everything from token explorers to portfolio trackers without any trouble. 

To highlight the comprehensiveness of the Token API, check out the endpoint below, giving you everything you need to build a portfolio view of a wallet with one single call:

import fetch from 'node-fetch';

const options = {
  method: 'GET',
  headers: {
    accept: 'application/json',
    'X-API-Key': 'YOUR_API_KEY'
  },
};

fetch('https://deep-index.moralis.io/api/v2.2/wallets/0xcB1C1FdE09f811B294172696404e88E658659905/tokens?chain=eth', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

Simply replace YOUR_API_KEY with your Moralis API key, configure the parameters, and execute the script. In return, you’ll get a response containing all the balances of the wallet, along with metadata, prices, and much more: 

{
   //...
  "result": [
    {
      "token_address": "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
      "symbol": "USDC",
      "name": "USD Coin",
      "logo": "https://cdn.moralis.io/eth/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48.png",
      "thumbnail": "https://cdn.moralis.io/eth/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48_thumb.png",
      "decimals": 6,
      "balance": "4553447",
      "possible_spam": false,
      "verified_contract": true,
      "balance_formatted": "4.553447",
      "usd_price": 1.001818879776249,
      "usd_price_24hr_percent_change": 0.1818879776249283,
      "usd_price_24hr_usd_change": 0.0018221880998897314,
      "usd_value": 4.561729172660522,
      "usd_value_24hr_usd_change": 0.008297236936878599,
      "native_token": false,
      "portfolio_percentage": 100
    },
    //...
  ]
}

NFT API 

The NFT API supports over three million NFT collections across all the major chains. This includes everything from established projects like Pudgy Penguins to tokens that dropped just seconds ago. So, if you’re building NFT-based projects, make sure to leverage the Moralis NFT API for all your data needs! 

With the NFT API, you can fetch NFT balances, metadata, prices, and more with single API calls. As such, this is the perfect tool for anyone building NFT marketplaces, Web3 games, or portfolio trackers. 

To show you how easy it is to use the NFT API, please check out the example below, where we use an endpoint to fetch the NFT balance of a wallet: 

import Moralis from 'moralis';

try {
  await Moralis.start({
    apiKey: "YOUR_API_KEY"
  });

  const response = await Moralis.EvmApi.nft.getWalletNFTs({
    "chain": "0x1",
    "address": "0xff3879b8a363aed92a6eaba8f61f1a96a9ec3c1e"
  });

  console.log(response.raw);
} catch (e) {
  console.error(e);
}

Replace YOUR_API_KEY with your Moralis API key, configure the parameters, and run the code. In return, you’ll get a response containing an array of all NFTs held by the wallet in question: 

{
 //...
  "result": [
    {
      "amount": "1",
      "token_id": "5021",
      "token_address": "0xfff54e6fe44fd47c8814c4b1d62c924c54364ad3",
      "contract_type": "ERC721",
      "owner_of": "0xff3879b8a363aed92a6eaba8f61f1a96a9ec3c1e",
      "last_metadata_sync": "2024-03-15T09:39:00.991Z",
      "last_token_uri_sync": "2024-03-15T09:38:50.990Z",
      "metadata": null,
      "block_number": "14647390",
      "block_number_minted": "14647390",
      "name": "Youtopia",
      "symbol": "Youtopia",
      "token_hash": "d4719eaf84eabcf443065b0a463f5886",
      "token_uri": "http://api.youtopia-official.xyz/ipfs/5021",
      "minter_address": "0x13f11fd2c7c7be94674651386370d02b7aac9653",
      "verified_collection": false,
      "possible_spam": true,
      "collection_logo": "https://i.seadn.io/gae/e3uNxyaqT0FfnhcF9SuMqCZd3pdF36wgcnpRJ0VDjLOP71g_LwrFRgLweNNCMvsMqR5ZZ4dh5Wble12PBzvncmpLbtmdVdjr5zMy8w?w=500&auto=format",
      "collection_banner_image": "https://i.seadn.io/gae/n9j18OhplkvqP5SOtuYDwpUVkJSwF6WkIV6vZMWjcm0D5qCpbd12cAaVlfZS8-3gjxjYsnjL_tIlVIsjXz28KejPB3D19Jc_MZ9Z?w=500&auto=format"
    },
    //...
  ]
}

Please check out the official Moralis documentation to learn more about our APIs and explore other endpoints! 

Summary: What is SOC 2 Type 2? – Exploring the Best SOC 2 Options in Web3 

In 2023, over 350 million people were affected by data breaches, leaks, and other exposures. This risk environment highlights the need for solid data security measures. And this is precisely where SOC 2 Type 2 enters the equation! 

But what is SOC 2 Type 2? 

SOC 2 Type 2 is a security framework evaluating the effectiveness of security controls put in place to protect sensitive information from security incidents, unauthorized access, and other vulnerabilities. In essence, it’s the gold standard for cybersecurity. 

In the Web3 space, the first and only infra provider with a SOC 2 Type 2 certification is Moralis. Earning this certification was a significant accomplishment for us, highlighting Moralis’ dedication to safeguarding client data. We became SOC 2 Type 2 certified after a rigorous audit where a third party evaluated our security controls over an extended time period to ensure that they worked as they should. 

If you enjoyed this Web3 SOC 2 guide, consider reading additional content here on the blog. For instance, check out our guide comparing the industry’s leading Web3 API providers or dive into blockchain data analytics.

Also, did you know you can sign up with Moralis for free? So, if you haven’t already, register an account today and start building with the industry’s safest Web3 APIs straight away! 
