SettleMint has completed its latest SOC 2 Type II audit, conducted by the independent auditor Securance Pro Assurance PLLC, with no exceptions noted across every control tested.
For SettleMint, the report confirms that the controls protecting client data and the availability of the Digital Asset Lifecycle Platform functioned as intended throughout the audit period.
These controls are the foundation that financial institutions, market infrastructure operators, and governments rely on to run digital assets in production with confidence. The same meticulous controls that satisfied an independent auditor are the ones that keep client workloads secure, resilient, and available every day.
The audit was performed against the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA), and it assessed three areas of our operations:
SettleMint relies on AWS, Google Cloud, and Microsoft Azure for cloud hosting. The audit evaluated our own controls together with the complementary controls these providers are expected to maintain.
A SOC 2 Type I report confirms that controls are designed appropriately at a single point in time.
A Type II report goes considerably further, because it tests whether those controls operated effectively across a continuous period. In our case, this involved three months of evidence covering access management, change management, risk assessment, vendor management, encryption, and incident response.
The outcome was clean. The auditor noted no exceptions, which means that every control held up under examination. This report builds on SettleMint's previous SOC 2 Type II audit and our wider investment in independent security standards.
At SettleMint, the protection of client data, the security of our systems, and the confidentiality and availability of the Digital Asset Lifecycle Platform are a core foundation of how we serve regulated institutions. Financial institutions, market infrastructure operators, and governments operate under demanding obligations, and they need a provider whose controls are held to the same standard as their own.
With the completion of this SOC 2 Type II certification, our clients receive independent confirmation of that foundation. The report addresses a significant part of their security and procurement due diligence in advance, which shortens onboarding and provides their risk and compliance teams with assurance that comes from an external auditor and not from a provider's own assertion.
"Our clients run mission-critical systems on our platform, and they need evidence that our security holds up over time, not only on the day of an audit. A clean SOC 2 Type II report with no exceptions gives them exactly that." Adam Popat, CEO of SettleMint.
The report reflects SettleMint's continued investment in the independent security and compliance standards required in regulated markets. SettleMint submits its controls to independent examination on a recurring basis, so that clients can rely on consistent assurance from one audit period to the next. This consistency is a core part of why these institutions trust SettleMint as a foundation for their digital asset operations.
SettleMint, headquartered in Leuven, Belgium, with offices in the UAE, Singapore, and Japan, is the company behind DALP, the Digital Asset Lifecycle Platform. DALP enables financial institutions, market infrastructure operators, and governments to build, deploy, and manage digital assets and blockchain applications at scale.