The Lukka difference.

Learn about our security and data protection measures, regular compliance checks through internal reviews and audits, and the availability of our cloud services worldwide.

Trust Center

We care about your data. At Lukka, we invest both our time and capital to make sure that you can trust our products. This is challenging and requires constant attention, but our goal is to manage the risk associated with our products so that we can enable you to focus on your business and not on the reliability or quality of our products. We strive to add the frameworks that you care about and want your feedback.

AICPA SOC Reporting

AICPA SOC reports serve an important role in the management of Service Organization (or vendor) risk. The AICPA independently sets the standards associated with SOC audits. Typically annually, an independent auditor uses this framework to audit a Service Organization's controls, and the audit concludes with a report describing the results. Any organization that uses a Service Organization as a vendor can rely on these reports to mitigate risks associated with the products that they are using.

Service Organization Company. This is a term used to describe vendors in a standards framework that is governed by the American Institute of Certified Public Accountants (AICPA).

A SOC 1 Report is the result of an audit of controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting. In short, if our products produce financial calculations, you want us to have this report created by a reputable auditor.

A SOC 2 Report is the result of an audit of the controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy risk domains. Not every SOC 2 includes all of these, so check which domains are relevant to your business and ask for the report to ensure it has what you need.

This is very important to understand: Both Type I and Type II audits "report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description". However, a Type I is "at a specific date", so it is usually faster, less costly, and gives you much LESS assurance that controls are working. In contrast, a Type II is conducted "throughout a specified period", so it is more comprehensive (during a Type II audit, the controls are verified to be working over a period in order to ensure they are working consistently). Type II reports typically take longer and are more costly to conduct, but the result is more mature controls. Lukka only conducts Type II audits for BOTH SOC 1 and SOC 2 reports.

12 Month Period
Updated Annually

SOC 1 Type II

Lukka was the first company serving the crypto industry to perform an AICPA SOC 1 Type II audit in 2018 and then a SOC 2 Type II in 2019. Read more about how we invest in top auditors to look at our technology risk so that you don’t have to.


SOC 1 reports are on Controls at a Service Organization Relevant to User Entities' Internal Control over Financial Reporting (ICFR). These reports, prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.

No, they are all custom-tailored to the specific Service Organization and can vary significantly. We recommend asking any Service Organization that you plan on using as a vendor who their SOC auditor is, for a copy of the SOC report, whether it was a Type I or Type II (Type II is strongly preferred), and how many years the Service Organization has conducted SOC audits.

Lukka conducts both SOC 1 Type II and SOC 2 Type II audits annually. For the portion of the year outside of testing periods, we offer bridge letters to customers upon request.

SOC 2 Type II

Lukka was the first company serving the crypto industry to perform an AICPA SOC 1 Type II audit in 2018 and then a SOC 2 Type II in 2019. Read more about how we invest in top auditors to look at our technology risk so that you don’t have to.


Per the AICPA, SOC 2 reports cover controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

 

These reports can play an important role in: 

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

No, they are all custom-tailored to the specific Service Organization and can vary significantly. SOC 2 reports specifically may or may not include any of the 5 risk domain areas: Security, Availability, Processing Integrity, Confidentiality, and Privacy. We recommend asking any Service Organization that you plan on using as a vendor who their SOC auditor is, for a copy of the SOC report, whether it was a Type I or Type II (Type II is strongly preferred), and how many years the Service Organization has conducted SOC audits.

Lukka conducts both SOC 1 Type II and SOC 2 Type II audits annually. For the portion of the year outside of testing periods, we offer bridge letters to customers upon request.

Cloud Operations

Lukka systems operate on AWS cloud platforms, allowing for agility and instant elasticity in the most stable and secure environments available today.


AWS Cloud systems power hundreds of thousands of businesses in 190 countries around the world with world-class data center locations in the U.S., Europe, Brazil, Singapore, Japan, and Australia.