Security & Privacy

To protect our users, their funds, and their privacy, and to ensure smooth operation of the service, Taurus’ security staff runs a number of security controls and procedures.

Wallet Security

  • We use HSMs certified FIPS 140-2 L3 to custody and protect master keys, perform key derivation, and run our policy engine.
  • We harden HSMs with our proprietary firmware extension, which enforces the HSMs’ secure configuration and reduces their attack surface.
  • Signatures by hardware tokens provide multi-party approval using a quorum logic not visible from blockchain data.
  • Our key generation and key back-up processes are certified ISAE 3402.

Infrastructure Security

  • Taurus’ infrastructure runs on data centers in Switzerland with banking-grade security controls and industry-standard certifications.
  • All our IT systems require multi-factor authentication and follow segregation of duty principles.
  • Our software delivery process is certified ISAE 3402, and includes automated security scans against supply-chain attacks.
  • We have 24/7 security monitoring and incident response capabilities.

Internal Controls

  • Taurus implements the three lines of defense model, composed of process owners, risk & compliance, internal & external audit.
  • Our audited processes include access management, change management, vulnerability management, and BCP/DRP.
  • All our staff undergo background checks and training sessions on security awareness, regulatory compliance, and data protection.
  • Taurus is expecting ISO27001 certification validation in 2024.

Security Audits

  • We hire world-class teams to pentest our applications and review our source code.
  • Clients of our custody solution can organize their own pentests of our solution, and can receive a copy of our product’s source code.
  • We do daily network scans of our endpoints and API endpoints.
  • Our proprietary trusted build system certifies that a binary was built from a given source code version, via an external auditor certification.

Security Research

  • Our internal research unit Taurus Labs performs research projects and collaborates with world-class researchers.
  • We publish open-source software, research articles, and give talks at top tier global events.
  • Taurus has helped leading blockchain organizations to strengthen their security protocols.

Compliance and certifications

  • ISAE 3402 Type II, regarding risk assurance and internal controls
  • FIPS 140-2 Level 3, regarding HSM devices
  • CMTA DACS, regarding custody procedure and technology security