Security & Privacy
To protect our users, their funds, and their privacy, and to ensure smooth operation of the service, Taurus’ security staff runs a number of security controls and procedures.
Wallet Security
- We use HSMs certified FIPS 140-2 L3 to custody and protect master keys, perform key derivation, and run our policy engine.
- We harden HSMs with our proprietary firmware extension, which enforces the HSMs’ secure configuration and reduces their attack surface.
- Signatures by hardware tokens provide multi-party approval using a quorum logic not visible from blockchain data.
- Our key generation and key back-up processes are certified ISAE 3402.
![security_img](/img/security/security_img.webp)
Infrastructure Security
- Taurus’ infrastructure runs on data centers in Switzerland with banking-grade security controls and industry-standard certifications.
- All our IT systems require multi-factor authentication and follow segregation of duty principles.
- Our software delivery process is certified ISAE 3402, and includes automated security scans against supply-chain attacks.
- We have 24/7 security monitoring and incident response capabilities.
Internal Controls
- Taurus implements the three lines of defense model, composed of process owners, risk & compliance, internal & external audit.
- Our processes are audited, including access management, change management, vulnerability management, and BCP/DRP.
- All our staff undergo background checks and attend training sessions on security awareness, regulatory compliance, and data protection.
- Taurus is expecting ISO27001 certification validation in 2024.
Security Audits
- We hire world-class teams to pentest our applications and review our source code.
- Clients of our custody solution can organize their own pentests of our solution, and can receive a copy of our product’s source code.
- We do daily network scans of our endpoints and API endpoints.
- Our proprietary trusted build system certifies that a binary was built from a given source code version, via an external auditor certification.
Security Research
- Our internal research unit Taurus Labs performs research projects and collaborates with world-class researchers.
- We publish open-source software and research articles, and give talks at top-tier global events.
- Taurus has helped leading blockchain organizations to strengthen their security protocols.
![security_logos](/img/security/security_logos.webp)
Compliance and certifications
ISAE 3402 Type II, regarding risk assurance and internal controls
FIPS 140-2 Level 3, regarding HSM devices
![logo_cmta](/img/security/logo_cmta.webp)
CMTA DACS, regarding custody procedure and technology security