Custody of crypto-assets
The crypto-asset custody service has been certified compliant with the ISO 27001:2022 standard by Bureau Veritas.
GOin uses Fireblocks’ technology to secure your crypto-assets. Fireblocks is a leading provider of crypto-asset custody solutions, renowned for its robustness and reliability.
Fireblocks holds SOC 2 Type II certification and undergoes frequent penetration testing conducted by ComSec and NCC Group. It is also certified to the International Organization for Standardization (ISO) standards for security (ISO 27001), cloud (ISO 27017) and privacy (ISO 27018).
Fireblocks’ digital vaults are based on the MPC-CMP (Multi-Party Computation-Cryptographic Multi-Party) protocol.
MPC-CMP is a revolutionary approach to cryptography that secures transactions and the custody of crypto-assets by distributing cryptographic keys among multiple parties. Instead of relying on a single private key, MPC-CMP divides the information needed to validate a transaction between several independent entities. No single party has enough information to act alone, eliminating a single point of failure.
The benefits of MPC-CMP are:
- enhanced security. By distributing cryptographic keys, the risk of theft or loss of assets is significantly reduced. Even if some of the keys are compromised, your assets remain protected.
- flexibility and control. This technology allows flexible implementation of security policies (e.g., board quorum) without compromising security.
- operational efficiency. MPC-CMP reduces the complexity and time required to perform secure transactions, improving operational efficiency while maintaining a high level of security.
By integrating Fireblocks’ MPC-CMP into its infrastructure, GOin ensures state-of-the-art security for the custody and management of your crypto-assets. Only the crypto-assets necessary for trading operations are transferred to marketplaces.
This advanced technology, in addition to our compliance with ISO 27002:2022 and independent audits, underscores our commitment to providing a secure investment environment.
Comprehensive security program certified compliant with ISO 27001:2022
The ISO/IEC 27001 standard is the most well-known international standard for information security management systems (ISMS). It is part of the ISO/IEC 27000 family of standards, developed to help organizations secure their information and manage information security risks.
GOin’s information security management system has been certified compliant with ISO 27001:2022 by Bureau Veritas. This certification covers all services provided by GOin:
- Custody of crypto-assets
- Brokerage of crypto-assets (exchanges of crypto-assets for funds or for other crypto-assets)
- Portfolio management on crypto-assets
- Advisory on crypto-assets
GOin has implemented recommendations and best practices in information security management, organized across various domains, such as asset management, access control, cryptography, physical and environmental security, operations and communications management, system acquisition, development and maintenance, information security incident management, business continuity, and compliance.
In addition to these measures, GOin operates a Managed SOC (Security Operations Center), providing continuous monitoring of its entire information system. This operational center, active 24/7, detects, analyzes, and responds in real time to potential threats, ensuring proactive and enhanced protection against security risks.
Our ISO 27001 certification by Bureau Veritas and our Security Assurance Plan are available to our clients and partners upon request.
Secure infrastructure
GOin’s infrastructure is hosted by AWS, the world leader in cloud computing, in data centers located in France and Germany. AWS maintains a list of reports, certifications, and third-party assessments to ensure best security practices. For more information on AWS compliance, please visit its compliance program.
The data centers themselves are secured by a variety of physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found on its dedicated page.
GOin’s technical teams follow best practices in terms of AWS architecture and configuration. Our infrastructure has been audited by independent PASSI-accredited third-party auditors.
Data protection
Data in transit and at rest is systematically encrypted, guaranteeing its confidentiality and integrity during transfer. In addition, mutual authentication is required, whenever technically possible, to allow data decryption, thus strengthening protection against unauthorized interceptions.
GOin implements rigorous logging to ensure the traceability of actions performed by its teams and clients. Logs include detailed information on actions performed, security events, transactions, and changes made to systems and data.
The collection and retention of logs allow GOin to monitor activities, detect anomalies or intrusion attempts and facilitate investigations in the event of a security incident.
For more information about the protection of your data, please see our privacy policy.