Chia Blog

SOC 2 Type II Certification and Our Commitment to Security and Auditability 

by Justin England

Recently, Chia Network Inc announced that we completed the last steps of a SOC 2 Type II certification audit. This audit represents years of the team’s hard work to create a compliant environment and development practices. Our team built new processes, established guidelines, and relentlessly drove our security posture forward in an effort to successfully pass this stringent investigation.

This accomplishment required strong commitment from every level of the company; it was a massive organizational effort and shift. We relied on employees at all levels to understand the controls, follow them, and demonstrate in their work the values that these controls are designed to enforce.

Why Does SOC 2 Type II Compliance Matter?

It is crucial to understand that our customers care deeply about security, compliance, and auditability, especially those in financial services.

SOC 2 Type II provides a common language for describing what “secure and compliant” means. Values are then mapped to controls that align with real-world operations. It’s not just a certification; it’s independent, time‑bound evidence that our controls don’t merely exist on paper but function effectively over months, under real operating conditions.

At its core, SOC 2 aligns directly with Chia Network Inc’s foundational values: transparency, security, and auditability.

Transparency: 

Trust is earned through clarity. SOC 2’s rigorous, third-party examination creates a standardized, externally verifiable way to demonstrate how we protect systems and data. For customers and the community, that transparency reduces ambiguity and serves to reinforce marketing claims with measurable controls and outcomes.

Security: 

Strong security isn’t a single tool or policy; it’s disciplined execution across identity, infrastructure, code, and operations. SOC 2 Type II evaluates how well we do this work over time, including access controls, change management, incident response, logging and monitoring, and backup and recovery. The result is reduced operational risk and increased resilience.

Auditability: 

Auditability is built into the Chia ethos: our open-source code bases and our processes are designed to be inspectable and verifiable. SOC 2 complements that philosophy by subjecting our internal practices to a formal audit framework that enterprises understand and trust.

What SOC 2 Type II Covers

SOC 2 evaluates controls across Trust Services Criteria (Security, and often Availability, Confidentiality, Processing Integrity, and Privacy). In practical terms, this means the auditor examined the effectiveness of how we:

  • Govern access and identity (least privilege, MFA, periodic reviews)
  • Manage change (tickets, approvals, peer review, automated gates)
  • Run secure software development (threat modeling, code review, dependency hygiene, vulnerability management, CI/CD controls)
  • Monitor and respond (centralized logging, alerting, incident response runbooks and drills)
  • Protect data (encryption in transit/at rest, backups, recovery testing)
  • Manage vendors and risk (third‑party diligence, contracts, risk registers)
  • Train people and enforce policies (security awareness, onboarding/offboarding)

Type II is about operating effectiveness over time, and doesn’t represent a single point‑in‑time snapshot. That distinction is why it’s meaningful for customers making long‑term bets on our technology.

A Tool to Communicate Trust Efficiently

For enterprise and regulated customers, SOC 2 is a shared baseline. It shortens security reviews, reduces long questionnaires, and accelerates procurement because it maps our controls to a framework their security teams already use. That translates to faster deal cycles for us and faster everything for potential customers. More importantly, it provides a credible, repeatable mechanism to broadcast our commitment to security, to customers and the community, grounded in evidence.

Beyond Technology: Audited Practices and Documentation

This process didn’t only assess our infrastructure; it also examined how we work:

  • Software development lifecycle and change control artifacts
  • Policy documentation and real‑world adherence
  • Incident response records and post‑incident reviews
  • Risk assessments and mitigation tracking
  • Vendor management diligence and contractual controls
  • Employee lifecycle processes (onboarding, role changes, offboarding)

Being “audit‑ready by default” has always been part of our operational DNA. That rigor strengthens our reliability and frees our teams to focus on building, not scrambling before reviews.

A Milestone and a Reflection of Our Team

Achieving SOC 2 Type II is a major accomplishment that requires consistency, discipline, and cross‑functional excellence. Our security, operations, and engineering teams delivered, patiently turning best practices into muscle memory and evidence. We’re proud of their work and the industry-leading standard they set. This is not the end of a project; it’s a waypoint on a continuous journey to raise the bar. We are here for it, and it’s clearly something we are very passionate about refining.

What This Means For You

If you’re evaluating Chia, SOC 2 offers a clear, shared basis for trust. If you’re a partner or part of our community, it’s another proof point that we practice what we preach: transparency, security, and auditability by design, and by verification. 

We’ll continue to communicate openly, share what we can, and keep earning confidence the right way: through evidence, reliability, and results.

We welcome your diligence and your questions. Our team is ready to engage on the merits, with the documentation to back it up.